From: Michael Orlitzky
Subject: [PATCH 2/2] doc: warn about following symlinks recursively in chown/chgrp
Date: Thu, 28 Dec 2017 15:52:43 -0500

* doc/coreutils.texi: In both chown and chgrp (which shares
  its code with chown), operating on symlinks recursively
  has a window of vulnerability where the destination user
  or group can change the target of the operation. This commit
  warns about combining the --dereference, --recursive, and -L
  flags.
---
 doc/coreutils.texi | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index de06c0f63..c7460278f 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -1427,6 +1427,9 @@ a command line argument is a symbolic link to a 
directory, traverse it.
 @cindex symbolic link to directory, traverse each that is encountered
 In a recursive traversal, traverse every symbolic link to a directory
 that is encountered.
+This option creates a security risk: an attacker may be able to
+introduce a symlink that reorders the directory traversal, resulting
+in the operation being performed on an arbitrary path of his choosing.
 @end macro
 @choptL
 
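Review bot: the sentence added before `@end macro` says "an attacker" without stating what that attacker needs, so a reader cannot tell whether the risk applies to their tree; because this text lives in a macro that is expanded wherever `@choptL` is used, state the precondition in command-neutral terms, e.g. "a user who can create entries in a directory inside the tree being traversed may be able to introduce a symlink ...". "Reorders the directory traversal" also understates the effect; the concern is that the traversal is redirected to a path outside the intended tree, which the final clause already implies. Finally, "of his choosing" should read "of their choosing".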
@@ -10990,6 +10993,10 @@ chown -h -R --from=OLDUSER NEWUSER /
 @findex lchown
 Do not act on symbolic links themselves but rather on what they point to.
 This is the default when not operating recursively.
+Combining this option with @option{--recursive} (@option{-R}) creates
+a security risk: the @var{new-owner} may be able to introduce a
+symlink that reorders the directory traversal, resulting in
+@code{chown} being called on an arbitrary path of his choosing.
 
 @item -h
 @itemx --no-dereference
@@ -11120,6 +11127,10 @@ changed.
 @findex lchown
 Do not act on symbolic links themselves but rather on what they point to.
 This is the default when not operating recursively.
+Combining this option with @option{--recursive} (@option{-R}) creates
+a security risk: a member of @var{group} may be able to introduce a
+symlink that reorders the directory traversal, resulting in
+@code{chgrp} being called on an arbitrary path of his choosing.
 
 @item -h
 @itemx --no-dereference
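Review bot: this paragraph is the chown hunk repeated with only the actor ("a member of @var{group}") and the command name changed; the commit message itself notes that chgrp shares its code with chown, and the `-L` wording earlier in this patch is already kept in a macro, so consider making this warning a macro that takes the actor and command as arguments instead of two copies that will drift apart. As in the chown hunk, point to the `-h`/`--no-dereference` entry directly below as the form to use for recursive operation, and change "of his choosing" to "of their choosing".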
-- 
2.13.6