Re: [PATCH 2/2] doc: warn about following symlinks recursively in chown/chgrp
Wed, 3 Jan 2018 22:24:13 +0100
Thanks for that 2nd patch as well.
On 12/28/2017 09:52 PM, Michael Orlitzky wrote:
@@ -1427,6 +1427,9 @@ a command line argument is a symbolic link to a
directory, traverse it.
@cindex symbolic link to directory, traverse each that is encountered
In a recursive traversal, traverse every symbolic link to a directory
that is encountered.
+This option creates a security risk: an attacker may be able to
+introduce a symlink that reorders the directory traversal, resulting
+in the operation being performed on an arbitrary path of his choosing.
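Review bot: "reorders the directory traversal" in the second added line misdescribes the risk: a symlink does not change the order in which entries are visited, it redirects the traversal into a directory outside the tree being walked. The added sentence also leaves out that the link can be created while the command is running and that the operation is then applied with the privileges of whoever invoked it. Suggest wording such as "an attacker with write access inside the tree may create a symlink to a directory during the run; it is then traversed, and the operation is performed on files outside the tree", and replace "of his choosing" with "of the attacker's choosing".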
I'm not an English native-speaker, and somehow this "reorders the directory
traversal" thing confuses me, so I doubt that a regular user will find this
The point is that the attacker can create a symlink during the run of
chown/chgrp which would then be followed and chown/chgrp would operate
on the symlink target ... which in turn may not be what the calling user
- usually 'root' on GNU/Linux systems - was expecting when starting the tool.
Can you find some better words along the above lines?
Thanks & have a nice day,
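The behaviour described in this message, as an added example that is not part of the original post and is not coreutils code: a Python model of a recursive ownership change that follows symlinks to directories, beside a variant that works relative to directory file descriptors and never follows links. The function names and the temporary tree are hypothetical and constructed for the demonstration.

```python
import os
import tempfile

def chown_following(top, uid, gid):
    """Model of the risky mode: descend through symlinks to directories."""
    touched = []
    for dirpath, dirnames, filenames in os.walk(top, followlinks=True):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            os.chown(path, uid, gid)          # a symlink is resolved to its target
            touched.append(os.path.realpath(path))
    return touched

def chown_nofollow(top, uid, gid):
    """Never descend through a symlink; act on the link itself instead."""
    touched = []
    # os.fwalk yields a directory fd, so each name is resolved relative to
    # the directory that was actually opened, not by re-walking a path.
    for dirpath, dirnames, filenames, dirfd in os.fwalk(top, follow_symlinks=False):
        for name in dirnames + filenames:
            os.chown(name, uid, gid, dir_fd=dirfd, follow_symlinks=False)
            touched.append(os.path.join(dirpath, name))
    return touched

def build_demo_tree():
    """Constructed sample: a tree holding a symlink that points outside it."""
    base = os.path.realpath(tempfile.mkdtemp())
    tree, outside = os.path.join(base, "tree"), os.path.join(base, "outside")
    os.makedirs(os.path.join(tree, "sub"))
    os.makedirs(outside)
    secret = os.path.join(outside, "not-in-tree")
    open(secret, "w").close()
    os.symlink(outside, os.path.join(tree, "sub", "link"))
    return tree, secret

if __name__ == "__main__":
    tree, secret = build_demo_tree()
    me = (os.getuid(), os.getgid())   # own ids, so no privileges are needed
    print("following reaches outside file:", secret in chown_following(tree, *me))
    print("no-follow reaches outside file:", secret in chown_nofollow(tree, *me))
```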
Re: [PATCH 2/2] doc: warn about following symlinks recursively in chown/chgrp, Michael Orlitzky, 2018/01/03
- Re: [PATCH 2/2] doc: warn about following symlinks recursively in chown/chgrp, Bernhard Voelker <=