Bug #10417
recursive chown should not traverse any symbolic links by default
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2019-02-19
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Description
We have a security issue: chown -R will traverse symbolic link, as documented. Nor BSD nor GNU coreutils do this.
So it's a bit surprising but we can't do chown -R ... on untrusted file hierarchies. Standard gives us some freedom here:
-R
Recursively change file user and group IDs. For each file operand that names a directory, chown shall change the user ID (and group ID, if specified) of the directory and all files in the file hierarchy below it. Unless a -H, -L, or -P option is specified, it is unspecified which of these options will be used as the default.
Both BSD chown and GNU coreutils elect to use '-P' by default.
Should we follow them?
History
Updated by Alexander Pyhalov 10 months ago
Updated by - Subject changed from recursive chown should not traverse any recursive links by default to recursive chown should not traverse any symbolic links by default
Updated by Electric Monk 9 months ago
Updated by - Status changed from New to Closed
- % Done changed from 0 to 100
git commit 8f5edf1f887948e6be5982cbe7f196909927af91
commit 8f5edf1f887948e6be5982cbe7f196909927af91
Author: Alexander Pyhalov <apyhalov@gmail.com>
Date: 2019-03-07T15:02:42.000Z
10417 recursive chown should not traverse any symbolic links by default
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Reviewed by: Peter Tribble <peter.tribble@gmail.com>
Approved by: Dan McDonald <danmcd@joyent.com>