Bug #10417

recursive chown should not traverse any symbolic links by default

Added by Alexander Pyhalov 10 months ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Start date: 2019-02-19
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage

Description

We have a security issue: chown -R will traverse symbolic links, as documented. Neither BSD nor GNU coreutils do this.
So it's a bit surprising, but we can't do chown -R ... on untrusted file hierarchies. The standard gives us some freedom here:

-R
    Recursively change file user and group IDs. For each file operand that names a directory, chown shall change the user ID (and group ID, if specified) of the directory and all files in the file hierarchy below it. Unless a -H, -L, or -P option is specified, it is unspecified which of these options will be used as the default.

Both BSD chown and GNU coreutils elect to use '-P' by default.
Should we follow them?
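
The difference between the -P and -L traversal modes raised in this report, as an added Python example that is not part of the ticket or of any chown implementation: it models which objects a recursive ownership change would reach in a constructed temporary tree. The function names and the tree layout are assumptions made for the illustration.

```python
import os
import tempfile


def affected_paths(root, follow_links):
    """Model the objects a recursive ownership change would touch.

    follow_links=False models -P: a symlink is changed as a link and never
    traversed. follow_links=True models -L: every symlink is followed.
    """
    touched, seen_dirs = set(), set()

    def visit(path):
        if os.path.islink(path) and not follow_links:
            touched.add(path)  # the link itself (lchown-style), not its target
            return
        real = os.path.realpath(path)
        touched.add(real)
        if os.path.isdir(real) and real not in seen_dirs:
            seen_dirs.add(real)  # guard against symlink loops under -L
            for name in sorted(os.listdir(real)):
                visit(os.path.join(real, name))

    visit(root)
    return touched


def outside_tree(root, follow_links):
    """Return the touched paths that lie outside the tree rooted at root."""
    root = os.path.realpath(root)
    return sorted(p for p in affected_paths(root, follow_links)
                  if os.path.commonpath([root, p]) != root)


def build_demo_tree():
    """Constructed sample: an untrusted tree holding a link to a sibling dir."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="chown-demo-"))
    untrusted = os.path.join(base, "untrusted")
    private = os.path.join(base, "private")
    os.makedirs(untrusted)
    os.makedirs(private)
    open(os.path.join(untrusted, "data.txt"), "w").close()
    open(os.path.join(private, "secret.conf"), "w").close()
    os.symlink(private, os.path.join(untrusted, "link"))
    return untrusted, private


if __name__ == "__main__":
    untrusted, _ = build_demo_tree()
    print("-P reaches outside the tree:", outside_tree(untrusted, False))
    print("-L reaches outside the tree:", outside_tree(untrusted, True))
```

Running `outside_tree` over a hierarchy before a recursive ownership change shows whether any link in it would carry the change to files outside the intended directory.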

History

#1

Updated by Alexander Pyhalov 10 months ago

  • Subject changed from recursive chown should not traverse any recursive links by default to recursive chown should not traverse any symbolic links by default

#2

Updated by Electric Monk 9 months ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 8f5edf1f887948e6be5982cbe7f196909927af91

commit  8f5edf1f887948e6be5982cbe7f196909927af91
Author: Alexander Pyhalov <apyhalov@gmail.com>
Date:   2019-03-07T15:02:42.000Z

    10417 recursive chown should not traverse any symbolic links by default
    Reviewed by: Andy Fiddaman <andy@omniosce.org>
    Reviewed by: Peter Tribble <peter.tribble@gmail.com>
    Approved by: Dan McDonald <danmcd@joyent.com>
