[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 2/2] doc: warn about following symlinks recursively in cho

From: Eric Blake
Subject: Re: [PATCH v2 2/2] doc: warn about following symlinks recursively in chown/chgrp
Date: Thu, 4 Jan 2018 09:51:06 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0

On 01/03/2018 06:17 PM, Michael Orlitzky wrote:
> * doc/coreutils.texi: In both chown and chgrp (which shares
>   its code with chown), operating on symlinks recursively
>   has a window of vulnerability where the destination user
>   or group can change the target of the operation. This commit
>   warns about combining the --dereference, --recursive, and -L
>   flags.

> +This option creates a security risk. In the presence of symlinks, the
> +traversal is not guaranteed to be performed depth-first. As a result,
> +there is a race condition: an attacker may be able to introduce a
> +symlink at a point in the traversal that has yet to be reached. When
> +it is reached, the operation will be performed on the target of that,
> +symlink, possibly allowing the attacker to escalate his privileges.

If others like the wording, you need a grammar fix: s/that,
symlink,/that symlink,/

Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization: |

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]