[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] install: add -C option to install file only when necessary
|
From: |
Kamil Dudka |
|
Subject: |
Re: [PATCH] install: add -C option to install file only when necessary |
|
Date: |
Mon, 16 Feb 2009 10:33:32 +0100 |
|
User-agent: |
KMail/1.9.6 (enterprise 0.20071012.724442) |
On Thursday 12 February 2009 14:27:09 Jim Meyering wrote:
> While rewriting that,
>
> install accepts a new option, --compare (-C): compare each pair of source
> and destination files, and if the destination has identical content and
> any specified owner, group, permissions, and possibly SELinux context,
> then do not modify the destination at all.
Thanks for review!
> I realized that install must also handle the case in which
> no explicit owner or group option is specified, yet the destination
> owner and/or group do not match the effective ones.
>
> i.e., some file is installed with owner:group of WRONG_USER:WRONG_GROUP,
> yet with proper permissions and matching content, and root runs
> install F /ABS/NAME/OF/F
>
> In that case we *do* want it to unlink the original and perform the
> copy. Currently it would not. This is especially important with
> set-gid and set-uid programs.
>
> > + if (!S_ISREG(src_sb.st_mode) || !S_ISREG(dest_sb.st_mode))
> > + return true;
> > +
> > + if (src_sb.st_size != dest_sb.st_size
> > + || (dest_sb.st_mode & CHMOD_MODE_BITS) != mode
> > + || (owner_id != (uid_t) -1 && dest_sb.st_uid != owner_id)
> > + || (group_id != (gid_t) -1 && dest_sb.st_gid != group_id))
> > + return true;
>
> so replacing the owner/group tests with these should fix it:
> || dest_sb.st_uid != (owner_id == (uid_t) -1 ? geteuid () : owner_id)
> || dest_sb.st_gid != (group_id == (gid_t) -1 ? getegid () : group_id)
Fixed and added new test case.
> But that doesn't take account of the perhaps-unusual case
> in which the destination directory is set-gid (on a file system
> where that matters).
Any idea how to solve this? Should we stat destination directory? Do we really
need this?
> Now that I think of security, I'd prefer that if any non-permission mode
> bits (S_ISUID, S_ISGID, S_ISVTX) should be set, we simply short-circuit
> the optimization and always unlink and then copy.
Also fixed and added new test case.
Kamil
0001-install-add-compare-C-option-to-install-file-o.patch
Description: Text Data
- Re: [PATCH] install: add -C option to install file only when necessary, Jim Meyering, 2009/02/11
- Re: [PATCH] install: add -C option to install file only when necessary, Jim Meyering, 2009/02/16
- Re: [PATCH] install: add -C option to install file only when necessary, Kamil Dudka, 2009/02/17
- Re: [PATCH] install: add -C option to install file only when necessary, Andreas Schwab, 2009/02/17
- Re: [PATCH] install: add -C option to install file only when necessary, Kamil Dudka, 2009/02/17
- Re: [PATCH] install: add -C option to install file only when necessary, Jim Meyering, 2009/02/17