recursive chown should not traverse any symbolic links by default
We have a security issue: chown -R will traverse symbolic links, as documented. Neither BSD nor GNU coreutils does this.
So it's a bit surprising, but we can't do chown -R ... on untrusted file hierarchies. The standard gives us some freedom here:
-R Recursively change file user and group IDs. For each file operand that names a directory, chown shall change the user ID (and group ID, if specified) of the directory and all files in the file hierarchy below it. Unless a -H, -L, or -P option is specified, it is unspecified which of these options will be used as the default.
Both BSD chown and GNU coreutils elect to use '-P' by default.
Should we follow them?
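The difference between the two defaults, as an added example that is not part of the original report: it uses find's physical and logical walks as a stand-in for `chown -R -P` and `chown -R -L`, because observing a real ownership change needs privileges. The directory layout and the function names are constructed for the illustration.

```shell
#!/bin/sh
# Constructed layout: an untrusted tree holding a symlink that points at a
# directory outside it (what an attacker could plant before an admin runs chown -R).
make_demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/untrusted/sub" "$base/outside"
    : > "$base/untrusted/sub/data"
    : > "$base/outside/secret"
    ln -s "$base/outside" "$base/untrusted/escape"
    printf '%s\n' "$base"
}

# Files reached when symlinks are never followed (-P semantics, find's default).
walk_physical() { find "$1" -type f | LC_ALL=C sort; }

# Files reached when every symlink is followed (-L semantics).
walk_logical() { find -L "$1" -type f | LC_ALL=C sort; }

# Files a logical walk touches that a physical walk does not, i.e. everything
# that becomes reachable only through a symlink. Empty output means the tree
# is walked identically under either default.
only_via_symlinks() {
    p=$(mktemp) && l=$(mktemp) || return 1
    walk_physical "$1" > "$p"
    walk_logical "$1" > "$l"
    LC_ALL=C comm -13 "$p" "$l"
    rm -f "$p" "$l"
}

# Stand-alone demonstration on the constructed tree.
demo=$(make_demo)
echo "physical walk (-P):";  walk_physical "$demo/untrusted"
echo "logical walk (-L):";   walk_logical "$demo/untrusted"
echo "reached only via symlinks:"; only_via_symlinks "$demo/untrusted"
rm -rf "$demo"
```

Running only_via_symlinks on a hierarchy before a recursive ownership change shows what a chown that defaults to following links would touch beyond the tree itself.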
Updated by Electric Monk about 3 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
commit 8f5edf1f887948e6be5982cbe7f196909927af91
Author: Alexander Pyhalov <firstname.lastname@example.org>
Date: 2019-03-07T15:02:42.000Z

10417 recursive chown should not traverse any symbolic links by default
Reviewed by: Andy Fiddaman <email@example.com>
Reviewed by: Peter Tribble <firstname.lastname@example.org>
Approved by: Dan McDonald <email@example.com>