Re: [PATCH v2 2/2] doc: warn about following symlinks recursively in cho
From: Eric Blake
Subject: Re: [PATCH v2 2/2] doc: warn about following symlinks recursively in chown/chgrp
Date: Thu, 4 Jan 2018 09:51:06 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
On 01/03/2018 06:17 PM, Michael Orlitzky wrote:
> * doc/coreutils.texi: In both chown and chgrp (which shares
> its code with chown), operating on symlinks recursively
> has a window of vulnerability where the destination user
> or group can change the target of the operation. This commit
> warns about combining the --dereference, --recursive, and -L
> flags.
> +This option creates a security risk. In the presence of symlinks, the
> +traversal is not guaranteed to be performed depth-first. As a result,
> +there is a race condition: an attacker may be able to introduce a
> +symlink at a point in the traversal that has yet to be reached. When
> +it is reached, the operation will be performed on the target of that,
> +symlink, possibly allowing the attacker to escalate his privileges.
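Review bot: the new paragraph opens with "This option creates a security risk" but never says that the race only arises when the option is combined with recursion; the commit message itself frames the warning as being about combining --dereference / -L with --recursive, so the doc text should say so explicitly, for example "Combined with --recursive, this option creates a security risk." Without that qualifier a reader of the --dereference entry alone may conclude that any use of the option is unsafe.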
If others like the wording, you need a grammar fix: s/that, symlink,/that symlink,/
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org