coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chown: race condition with --recursive -L


From: Michael Orlitzky
Subject: Re: chown: race condition with --recursive -L
Date: Thu, 28 Dec 2017 10:36:17 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0

On 12/20/2017 04:43 PM, Michael Orlitzky wrote:
> When calling chown recursively, there is an "obvious" race condition
> that is handled correctly...
> 
> Can we screw things up by dereferencing symlinks? I think so. The main
> idea is to use a symlink that points "up" to mess up the order, and then
> to exploit the aforementioned race condition.

Does anyone mind if I reserve a CVE for this?



reply via email to

[Prev in Thread] Current Thread [Next in Thread]