[PATCH 2/2] doc: warn about following symlinks recursively in chown/chgrp
From: Michael Orlitzky
Subject: [PATCH 2/2] doc: warn about following symlinks recursively in chown/chgrp
Date: Thu, 28 Dec 2017 15:52:43 -0500
* doc/coreutils.texi: In both chown and chgrp (which shares
its code with chown), operating on symlinks recursively
has a window of vulnerability where the destination user
or group can change the target of the operation. This commit
warns about combining the --dereference, --recursive, and -L
flags.
---
doc/coreutils.texi | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index de06c0f63..c7460278f 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -1427,6 +1427,9 @@ a command line argument is a symbolic link to a
directory, traverse it.
@cindex symbolic link to directory, traverse each that is encountered
In a recursive traversal, traverse every symbolic link to a directory
that is encountered.
+This option creates a security risk: an attacker may be able to
+introduce a symlink that reorders the directory traversal, resulting
+in the operation being performed on an arbitrary path of his choosing.
@end macro
@choptL
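Review bot: the added sentence in the @choptL macro says "an attacker may be able to introduce a symlink" without stating the precondition, and since this macro is shared by every command that documents -L, the reader cannot tell when the warning applies; suggest qualifying it, e.g. "if a user other than the invoker can create symlinks in the tree being traversed", so the risk is tied to write access on the traversed directories rather than presented as unconditional. Also prefer "of their choosing" over "of his choosing".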
@@ -10990,6 +10993,10 @@ chown -h -R --from=OLDUSER NEWUSER /
@findex lchown
Do not act on symbolic links themselves but rather on what they point to.
This is the default when not operating recursively.
+Combining this option with @option{--recursive} (@option{-R}) creates
+a security risk: the @var{new-owner} may be able to introduce a
+symlink that reorders the directory traversal, resulting in
+@code{chown} being called on an arbitrary path of his choosing.
@item -h
@itemx --no-dereference
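Review bot: the new text names the risk but not the mechanism the commit message describes (a window between the traversal and the chown of each entry during which @var{new-owner} can change what a path resolves to), so a reader cannot judge whether the risk applies to their usage; suggest adding one sentence stating that the traversal and the ownership change are not atomic, and closing with a pointer to @option{--no-dereference} (@option{-h}), documented immediately below and already used with -R in the "chown -h -R --from=OLDUSER NEWUSER /" example above, as the combination to prefer when recursing. "of his choosing" should read "of their choosing".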
@@ -11120,6 +11127,10 @@ changed.
@findex lchown
Do not act on symbolic links themselves but rather on what they point to.
This is the default when not operating recursively.
+Combining this option with @option{--recursive} (@option{-R}) creates
+a security risk: a member of @var{group} may be able to introduce a
+symlink that reorders the directory traversal, resulting in
+@code{chgrp} being called on an arbitrary path of his choosing.
@item -h
@itemx --no-dereference
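Review bot: this hunk repeats the chown warning nearly verbatim with @var{group} and @code{chgrp} substituted; since the commit message notes that chgrp shares its implementation with chown, these two warnings will drift apart unless they are kept in sync, so consider a shared macro in the style of @choptL above, parameterised on the command name and the party who can introduce the symlink. As in the chown hunk, the text should name the non-atomic traversal as the cause and point to @option{--no-dereference} (@option{-h}) below, and "of his choosing" should read "of their choosing".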
--
2.13.6