From: Bernhard Voelker
Subject: Re: [PATCH v3 2/2] doc: warn about following symlinks recursively in chown/chgrp
Date: Mon, 8 Jan 2018 08:33:02 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2

On 01/04/2018 05:38 PM, Michael Orlitzky wrote:
--- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -1427,6 +1427,13 @@ a command line argument is a symbolic link to a directory, traverse it. @cindex symbolic link to directory, traverse each that is encountered In a recursive traversal, traverse every symbolic link to a directory that is encountered. +This option creates a security risk. In the presence of symlinks, the +traversal is not guaranteed to be performed depth-first. As a result, +there is a race condition: an attacker may be able to introduce a +symlink at a point in the traversal that has yet to be reached. When +it is reached, the operation will be performed on the target of that +symlink, possibly allowing the attacker to escalate his privileges. + @end macro @choptL
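
Review bot: the added paragraph explains the risk through an implementation detail ("the traversal is not guaranteed to be performed depth-first") and stops at the consequence, so a reader learns neither when the risk applies nor what to do about it. Suggest describing the condition in terms the user can check (someone else is able to "introduce a symlink" into the hierarchy while it is being traversed) and adding a sentence of guidance. The text is placed before `@end macro`, so it becomes part of the macro body and is emitted wherever the macro is used; each such place should be checked for whether the warning holds there. "escalate his privileges" would read better without the pronoun, for example "to escalate privileges".
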
I'm not 100% happy with it yet.

* the patch adds the above to the macro choptL which is also used
  in node chcon. Do you see the danger for chcon(1), too?

* IMO we should avoid mentioning internal processing strategies like
  "depth-first" - even guaranteeing depth-that would not avoid this issue:
  there is no reason to trust FROM-USER more than NEW-USER.
  Furthermore, not only these 2 users may be potential attackers in this
  scenario, but also others, depending on the mode bits of the involved
  files and directories, ACLs etc.

What about the attached?

Thanks & have a nice day,
Berny

0001-doc-warn-about-following-symlinks-recursively-in-cho.patch
Description: Text Data
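
What a traversal that avoids the race described in the quoted patch looks like, as an added example that is not code from this thread or from coreutils: Python's `os.fwalk` combined with descriptor-relative `chown` calls that never follow a symlink. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def chown_tree_nofollow(root, uid, gid):
    """Set ownership under root without ever following a symlink.

    Returns (changed, skipped): paths whose ownership was set, and symlinks
    to directories that were changed as links but not traversed.
    """
    changed, skipped = [], []
    # os.fwalk yields an open descriptor per directory; with
    # follow_symlinks=False it does not descend into symlinked directories.
    for dirpath, dirnames, filenames, dirfd in os.fwalk(root, follow_symlinks=False):
        if dirpath == root:
            os.chown(dirfd, uid, gid)  # fchown on the directory actually opened
            changed.append(root)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            # Relative to dirfd and without following: if the entry is (or has
            # become) a symlink, the link itself is changed, not its target.
            os.chown(name, uid, gid, dir_fd=dirfd, follow_symlinks=False)
            changed.append(path)
            st = os.stat(name, dir_fd=dirfd, follow_symlinks=False)
            if name in dirnames and stat.S_ISLNK(st.st_mode):
                skipped.append(path)
    return changed, skipped

def build_demo_tree():
    """Constructed sample: tree/ contains a symlink to a directory outside it."""
    base = tempfile.mkdtemp()
    tree = os.path.join(base, "tree")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(tree, "a"))
    os.mkdir(outside)
    for p in (os.path.join(tree, "a", "file.txt"), os.path.join(outside, "secret")):
        open(p, "w").close()
    os.symlink(outside, os.path.join(tree, "link"))
    return tree, outside

if __name__ == "__main__":
    tree, outside = build_demo_tree()
    # Own uid/gid, so the demo runs without root.
    changed, skipped = chown_tree_nofollow(tree, os.getuid(), os.getgid())
    print("changed:", changed)
    print("symlinked directories not traversed:", skipped)
```
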