bug#8752: cp: fchown called before fchmod, unable to set file mode

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#8752: cp: fchown called before fchmod, unable to set file mode

From:	Paul Eggert
Subject:	bug#8752: cp: fchown called before fchmod, unable to set file mode
Date:	Sun, 29 May 2011 12:27:46 -0700
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10

On 05/28/11 06:10, Milan Novak wrote:
> I believe that cp uses wrong order of syscalls when applying target file
> attributes; fchown(2) is called before fchmod(2).
> As a result it looses access to target file and is unable to apply file mode
> correctly; error message is as follows
> "cp: preserving permissions for `target': Not owner"

The general idea in coreutils is given in the following
comment in lib/dirchownmod.c:

         /* On some systems, chown clears S_ISUID and S_ISGID, so do           
            chown before chmod.  On older System V hosts, ordinary             
            users can give their files away via chown; don't worry             
            about that here, since users shouldn't do that.  */

HP-UX is one of the "older System V hosts" that by default allows
ordinary users to give their files away.  This is a mild security
hole, so modern operating systems typically don't allow it.
To get this safer behavior on HP-UX, you can do something like the
following, as the superuser:

# echo "-n CHOWN" >>/etc/privgrp
# setprivgrp -f /etc/privgroup

I suppose coreutils might be modified to work in this (from our
point of view) dinosaurian environment, but it wouldn't be trivial,
since it's vital for the code to still work in the more-typical
case where one should chown before chmod.

If someone (maybe you?) could suggest a patch to coreutils that
fixes the problem on HP-UX and is easy to follow and that doesn't
break or slow down coreutils on typical systems, that'd be nice.
But I suspect you'd be better off disabling CHOWN as shown above,
as that's more secure; besides, coreutils is not the only package
that has problems with the default HP-UX settings.

For more on this please see:

http://lists.gnu.org/archive/html/bug-gzip/2007-06/msg00005.html

You might also want to look at HP's Bastille product: it's
free and it should improve your site's security (the above is one
of the hundreds of security holes it'll close).

[Prev in Thread]

Current Thread

[Next in Thread]

bug#8752: cp: fchown called before fchmod, unable to set file mode, Milan Novak, 2011/05/29
- bug#8752: cp: fchown called before fchmod, unable to set file mode, Paul Eggert <=
  - bug#8752: cp: fchown called before fchmod, unable to set file mode, Paul Eggert, 2011/05/29

Prev by Date: bug#8755: "ls -l" leaks memory
Next by Date: bug#8752: cp: fchown called before fchmod, unable to set file mode
Previous by thread: bug#8752: cp: fchown called before fchmod, unable to set file mode
Next by thread: bug#8752: cp: fchown called before fchmod, unable to set file mode
Index(es):
- Date
- Thread