Re: chmod/chown -R - maybe an ITP
This problem was originally found with rm -r in crontabs, and while now the
programs being raised are chown/chmod I'm sure if we just fix chown/chmod
someone will only point out another binary that can exploited. gzip -r, tar,
anything that recurses could one day be a security hole.
BSD libc provides a generic recurse-safely kind of function with some suitably
inscrutable acronym (I'm told "fts"). The idea is to implement this critical
code once correctly somewhere common so applications don't have to reinvent
the wheel and introduce security holes every time.
It's quite tricky to do right, you have to hold open file descriptors for all
your parent directories and compare them to ".." as you recurse down, and you
have to do lstats,fstats etc on everything before and after you open it.
--
greg
Reply to: