From: Bernhard Voelker
Subject: Re: [PATCH 2/2] doc: warn about following symlinks recursively in chown/chgrp
Date: Wed, 3 Jan 2018 22:24:13 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
Hi Michael, thanks for that 2nd patch as well.

On 12/28/2017 09:52 PM, Michael Orlitzky wrote:
--- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -1427,6 +1427,9 @@ a command line argument is a symbolic link to a directory, traverse it. @cindex symbolic link to directory, traverse each that is encountered In a recursive traversal, traverse every symbolic link to a directory that is encountered. +This option creates a security risk: an attacker may be able to +introduce a symlink that reorders the directory traversal, resulting +in the operation being performed on an arbitrary path of his choosing.
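Review bot: The new sentence in this hunk ("an attacker may be able to introduce a symlink that reorders the directory traversal") does not say what actually goes wrong; the hazard the warning is meant to convey is that a symlink present in the tree, or created while chown/chgrp is already running, is followed during the recursive traversal, so the ownership change lands on the symlink's target, which may lie outside the tree the caller named. Consider stating that directly, for example "an attacker who can create a symbolic link inside the tree being traversed can cause the ownership change to be applied to the link's target, which may be an arbitrary file or directory outside that tree". As a style point, "of his choosing" should be neutral ("of their choosing" or "of the attacker's choosing").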
I'm not a native English speaker, and somehow this "reorders the directory traversal" thing confuses me, so I doubt that a regular user will find this sufficiently explanatory.

The point is that the attacker can create a symlink during the run of chown/chgrp which would then be followed, and chown/chgrp would operate on the symlink target ... which in turn may not be what the calling user - usually 'root' on GNU/Linux systems - was expecting when starting the tool.

Can you find some better words along the above lines?

Thanks & have a nice day,
Berny
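The difference the two maintainers are discussing, shown as an added example that is not part of the thread or of coreutils: a small model of the recursive traversal that reports which real paths an ownership change would reach when symlinks are not followed (coreutils' default for -R, i.e. -P) versus when they are (-L). The directory layout, the function names `collect_paths`, `targets_outside` and `build_demo_tree`, and the sample file names are all constructed for this example.

```python
import os
import tempfile


def collect_paths(root, follow_symlinks):
    """Return the set of paths that a recursive traversal of root visits.

    follow_symlinks=False models coreutils' default for -R (-P): a symlink is
    listed under its own name and never descended into.
    follow_symlinks=True models -L: a symlink to a directory is descended.
    """
    visited = set()
    for dirpath, dirnames, filenames in os.walk(root, followlinks=follow_symlinks):
        visited.add(dirpath)
        for name in dirnames + filenames:
            visited.add(os.path.join(dirpath, name))
    return visited


def targets_outside(root, follow_symlinks):
    """Return the real paths an ownership change would hit outside root.

    With -P semantics the change is applied to the entry itself (lchown), so
    the target is the path exactly as visited.  With -L semantics the change is
    applied to whatever the path resolves to, so the target is its realpath.
    A non-empty result means the run would modify something the caller never
    named on the command line.
    """
    real_root = os.path.realpath(root)
    outside = set()
    for path in collect_paths(real_root, follow_symlinks):
        target = os.path.realpath(path) if follow_symlinks else path
        if os.path.commonpath([real_root, target]) != real_root:
            outside.add(target)
    return outside


def build_demo_tree():
    """Constructed sample layout (hypothetical, built in a temp directory):

        base/tree/sub/file.txt         the tree the administrator passes to chown -R
        base/tree/link -> base/outside  a symlink someone else placed inside that tree
        base/outside/secret.txt        a file the administrator never named

    Returns (tree, outside, secret) as real paths.
    """
    base = os.path.realpath(tempfile.mkdtemp(prefix="chown-demo-"))
    tree = os.path.join(base, "tree")
    outside = os.path.join(base, "outside")
    secret = os.path.join(outside, "secret.txt")
    os.makedirs(os.path.join(tree, "sub"))
    os.makedirs(outside)
    with open(os.path.join(tree, "sub", "file.txt"), "w") as fh:
        fh.write("in tree\n")
    with open(secret, "w") as fh:
        fh.write("not in tree\n")
    os.symlink(outside, os.path.join(tree, "link"))
    return tree, outside, secret


if __name__ == "__main__":
    tree, outside, secret = build_demo_tree()
    # Default (-P): the symlink itself is listed, but nothing outside the tree is reached.
    print("-P:", sorted(targets_outside(tree, follow_symlinks=False)))
    # -L: the traversal descends through the link and reaches base/outside/secret.txt.
    print("-L:", sorted(targets_outside(tree, follow_symlinks=True)))
```

The model only looks at a tree as it exists at one instant; the case Berny describes, a link created while chown/chgrp is already walking the tree, is the same hazard at run time and is harder to see, because no inspection done before the run would have found the link. The practical mitigation for a tree that other users can write to is the one the option set already offers: keep the default -P (or use -H, which follows only links given on the command line) and avoid -L.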