[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#554893: startup script should be more careful with chown -R

The Fungi wrote:
On Sun, Nov 08, 2009 at 07:13:25PM +0300, Michael Tokarev wrote:
And as others in #debian pointed out the overlooked obvious, `chown -R'
follows symlinks.  So it's sufficient to put a symlink to /etc/passwd into
/var/lib/nsd3 to get the system 0wned.

Not to downplay the original bug (removed from Cc), but have you
tested the above claim? This didn't match my recollection, so I
checked and found (at least using the one from coreutils under sid)
that chown doesn't follow either symlinks in the tree or even
specified as a parameter...

A good one.  It appears that I quite something changed since I last looked
at this.  No, I didn't test it because I remember it's how things worked
before.  But that was long before.... ;)

As of coreutils-6.0, coreutils supports *at syscalls (incl. fchownat),
and always specifying AT_SYMLINK_NOFOLLOW.  My system eve had strace that
does not understand these!.. ;)

See the NEWS file in coreutils package.  In particular, this:

* Major changes in release 5.3.0 (2005-01-08) [unstable]

** Bug fixes

  Several fixes to chgrp and chown for compatibility with POSIX and BSD:

    Do not affect symbolic links by default.
    Now, operate on whatever a symbolic link points to, instead.
    To get the old behavior, use --no-dereference (-h).

So yes you're right, now it does not work like that.

Thank you for further clarification!


Reply to: