The Fungi wrote:
On Sun, Nov 08, 2009 at 07:13:25PM +0300, Michael Tokarev wrote: [...]And as others in #debian pointed out the overlooked obvious, `chown -R' follows symlinks. So it's sufficient to put a symlink to /etc/passwd into /var/lib/nsd3 to get the system 0wned.[...] Not to downplay the original bug (removed from Cc), but have you tested the above claim? This didn't match my recollection, so I checked and found (at least using the one from coreutils under sid) that chown doesn't follow either symlinks in the tree or even specified as a parameter...
[snip] A good one. It appears that I quite something changed since I last looked at this. No, I didn't test it because I remember it's how things worked before. But that was long before.... ;) As of coreutils-6.0, coreutils supports *at syscalls (incl. fchownat), and always specifying AT_SYMLINK_NOFOLLOW. My system eve had strace that does not understand these!.. ;) See the NEWS file in coreutils package. In particular, this: ----------- * Major changes in release 5.3.0 (2005-01-08) [unstable] ** Bug fixes Several fixes to chgrp and chown for compatibility with POSIX and BSD: Do not affect symbolic links by default. Now, operate on whatever a symbolic link points to, instead. To get the old behavior, use --no-dereference (-h). ----------- So yes you're right, now it does not work like that. Thank you for further clarification! /mjt