Bug #10417
recursive chown should not traverse any symbolic links by default
Status: Closed
Priority: Normal
Assignee: -
Category: -
Start date: 2019-02-19
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:
Description
We have a security issue: chown -R will traverse symbolic links, as documented. Neither BSD nor GNU coreutils do this.
So it's a bit surprising, but we can't do chown -R ... on untrusted file hierarchies. The standard gives us some freedom here:
-R Recursively change file user and group IDs. For each file operand that names a directory, chown shall change the user ID (and group ID, if specified) of the directory and all files in the file hierarchy below it. Unless a -H, -L, or -P option is specified, it is unspecified which of these options will be used as the default.
Both BSD chown and GNU coreutils elect to use '-P' by default.
Should we follow them?
Updated by Alexander Pyhalov about 3 years ago
- Subject changed from recursive chown should not traverse any recursive links by default to recursive chown should not traverse any symbolic links by default
Updated by Electric Monk about 3 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit 8f5edf1f887948e6be5982cbe7f196909927af91
commit 8f5edf1f887948e6be5982cbe7f196909927af91
Author: Alexander Pyhalov <apyhalov@gmail.com>
Date: 2019-03-07T15:02:42.000Z

    10417 recursive chown should not traverse any symbolic links by default
    Reviewed by: Andy Fiddaman <andy@omniosce.org>
    Reviewed by: Peter Tribble <peter.tribble@gmail.com>
    Approved by: Dan McDonald <danmcd@joyent.com>
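Added example (not part of the issue or of the illumos change): a Python model of the -P and -L walks quoted from the standard, reporting which objects outside the operand directory a recursive chown would change. The function names and the "untrusted"/"victim" sample tree are constructed for illustration; nothing is actually chowned.

```python
import os
import tempfile

def chown_targets(root, follow_links):
    """Real paths of every object a recursive chown of root would change.

    follow_links=False models -P (a symlink is changed itself, never followed);
    follow_links=True models -L (links are dereferenced and descended into).
    """
    root = os.path.realpath(root)
    changed, seen_dirs = {root}, set()
    for dirpath, dirnames, filenames in os.walk(root, followlinks=follow_links):
        st = os.stat(dirpath)
        if (st.st_dev, st.st_ino) in seen_dirs:  # symlink loop under -L
            dirnames[:] = []
            continue
        seen_dirs.add((st.st_dev, st.st_ino))
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            # -L changes what the link points at; -P changes the link itself.
            changed.add(os.path.realpath(path) if follow_links else path)
    return changed

def outside(root, follow_links):
    """Objects outside root whose ownership the walk would change."""
    root = os.path.realpath(root)
    return sorted(p for p in chown_targets(root, follow_links)
                  if os.path.commonpath([root, p]) != root)

def build_demo_tree(base):
    """Constructed sample: an untrusted tree holding a link to a directory outside it."""
    tree, victim = os.path.join(base, "untrusted"), os.path.join(base, "victim")
    os.makedirs(os.path.join(tree, "sub"))
    os.makedirs(victim)
    open(os.path.join(tree, "sub", "data.txt"), "w").close()
    open(os.path.join(victim, "config"), "w").close()
    os.symlink(victim, os.path.join(tree, "sub", "link"))
    return tree, victim

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        tree, victim = build_demo_tree(os.path.realpath(base))
        print("-P leaves the tree:", outside(tree, follow_links=False))
        print("-L leaves the tree:", outside(tree, follow_links=True))
```

Running outside() with follow_links=True over a hierarchy before a privileged chown -R shows what a link-following default would have reached; an empty result under follow_links=False is the behaviour the issue asks for.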