bug-coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] cp, mv: do preserve extended attributes even for read-only s


From: Ondřej Vašík
Subject: Re: [PATCH] cp, mv: do preserve extended attributes even for read-only source files
Date: Mon, 07 Sep 2009 12:14:42 +0200

Pádraig Brady wrote:
> Ondřej Vašík wrote:
> > Ah, I knew I forgot to do something :). Thanks for spotting this.
> > 
> > Restoring to dest_mode & ~omitted_permissions done in attached patch,
> > dropped redirections from the test as well. Additionally - I modified
> > the copy.c patch a bit - failure of mode change now doesn't mean that I
> > don't try to preserve extended attributes (as it still could pass). 
> 
> 
> > Pádraig is right that it looks like some kind of bug in libattr and
> > fsetxattr() function, as the descriptor should be writable, anyway this
> > should workaround it - at least until they'll fix/change it or other way
> > of solution will be found.
> 
> What's the best place to report that?
> It would be good to add a comment in the code that this is a workaround
> rather than expected behaviour (after confirming the bug of course).

libattr upstream has mailing list xfs at oss.sgi.com , so maybe the best
place is there. 

> > Ok with passing to 7.7, although with such small impact and relatively
> > low danger, it could maybe included to 7.6 (if more snapshots will be
> > before real release).
> 
> To minimize side affects perhaps we should only do the chmod(600)
> if (geteuid () != 0 && !access (src_name, W_OK)) ?

Good idea, it would reduce possibility of security leak, playing with
access rights is always a bit dangerous (although here we play with
rights on destination descriptor, which is imho much more safe).

Additionally - Jim is correct that for different owner 0600 rights are
not sufficient for different owner of the file - and 0666 is too much
devil-like ;) . Any idea?

Greetings,
         Ondřej

Attachment: signature.asc
Description: Toto je digitálně podepsaná část zprávy


reply via email to

[Prev in Thread] Current Thread [Next in Thread]