[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] chown: prevent multiple --from options
From: |
Pádraig Brady |
Subject: |
Re: [PATCH] chown: prevent multiple --from options |
Date: |
Sun, 29 Sep 2019 13:36:30 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
On 29/09/19 10:46, Francois wrote:
> chown --from option can be used to restrict the list of files
> concerned by the chown.
>
> However this is true only for the latest --from option provided on the
> command line. One can run chown --from=1000:1000 --from=0:0, in that
> case the first --from will be silently discarded.
>
> It is an issue on systems where sysadmins naively provide a sudo rule
> for their users expecting to restrict its usage for a specific owner.
>
> We can fix by rejecting the cases where --from option is provided multiple
> times and uid or gid are set twice.
>
> * src/chown.c: prevent multiple --from options
>
> * tests/chown/basic.sh: prevent multiple --from options
> ---
> src/chown.c | 14 ++++++++++++--
> tests/chown/basic.sh | 9 +++++++++
> 2 files changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/src/chown.c b/src/chown.c
> index c1db307ab..a06bf6ed4 100644
> --- a/src/chown.c
> +++ b/src/chown.c
> @@ -227,11 +227,21 @@ main (int argc, char **argv)
>
> case FROM_OPTION:
> {
> - const char *e = parse_user_spec (optarg,
> - &required_uid, &required_gid,
> + const char *e;
> + uid_t parsed_required_uid = -1;
> + gid_t parsed_required_gid = -1;
> + e = parse_user_spec (optarg,
> + &parsed_required_uid,
> + &parsed_required_gid,
> NULL, NULL);
> if (e)
> die (EXIT_FAILURE, 0, "%s: %s", e, quote (optarg));
> + if ((parsed_required_uid != -1 && required_uid != -1) ||
> + (parsed_required_gid != -1 && required_gid != -1))
> + die (EXIT_FAILURE, 0, "%s",
> + _("from option provided multiple times"));
> + required_uid = parsed_required_uid;
> + required_gid = parsed_required_gid;
> break;
> }
>
> diff --git a/tests/chown/basic.sh b/tests/chown/basic.sh
> index faeeb82aa..2ccfd959d 100755
> --- a/tests/chown/basic.sh
> +++ b/tests/chown/basic.sh
> @@ -56,4 +56,13 @@ chown --no-dereference --from=0:1 2:010 slink || fail=1
> # owner/group on the symlink should be changed
> set _ $(ls -n slink); shift; test "$3:$4" = 2:10 || fail=1
>
> +# Ensure two from are reported properly as error
> +returns_ 1 chown --from=0:0 --from=1:1 0 f > out 2>&1|| fail=1
> +printf "chown: from option provided multiple times\n" > exp
> +compare exp out || fail=1
> +
> +# Unless they set different attributes
> +chown --from=0 --from=:0 0 f || fail=1
> +
> +
> Exit $fail
> --
> 2.16.4
>
>
I'm inclined to agree with this patch,
as I can't see much use for overriding --from
thanks!
Pádraig