coreutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] chown: prevent multiple --from options

From: Pádraig Brady
Subject: Re: [PATCH] chown: prevent multiple --from options
Date: Sun, 29 Sep 2019 13:36:30 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 
On 29/09/19 10:46, Francois wrote:
> chown --from option can be used to restrict the list of files
> concerned by the chown.
> 
> However this is true only for the latest --from option provided on the
> command line. One can run chown --from=1000:1000 --from=0:0, in that
> case the first --from will be silently discarded.
> 
> It is an issue on systems where sysadmins naively provide a sudo rule
> for their users expecting to restrict its usage for a specific owner.
> 
> We can fix by rejecting the cases where --from option is provided multiple
> times and uid or gid are set twice.
> 
> * src/chown.c: prevent multiple --from options
> 
> * tests/chown/basic.sh: prevent multiple --from options
> ---
>  src/chown.c          | 14 ++++++++++++--
>  tests/chown/basic.sh |  9 +++++++++
>  2 files changed, 21 insertions(+), 2 deletions(-)
> 
> diff --git a/src/chown.c b/src/chown.c
> index c1db307ab..a06bf6ed4 100644
> --- a/src/chown.c
> +++ b/src/chown.c
> @@ -227,11 +227,21 @@ main (int argc, char **argv)
> 
>          case FROM_OPTION:
>            {
> -            const char *e = parse_user_spec (optarg,
> -                                             &required_uid, &required_gid,
> +            const char *e;
> +            uid_t parsed_required_uid = -1;
> +            gid_t parsed_required_gid = -1;
> +            e = parse_user_spec (optarg,
> +                                             &parsed_required_uid,
> +                                             &parsed_required_gid,
>                                               NULL, NULL);
>              if (e)
>                die (EXIT_FAILURE, 0, "%s: %s", e, quote (optarg));
> +            if ((parsed_required_uid != -1 && required_uid != -1) ||
> +                (parsed_required_gid != -1 && required_gid != -1))
> +              die (EXIT_FAILURE, 0, "%s",
> +                   _("from option provided multiple times"));
> +            required_uid = parsed_required_uid;
> +            required_gid = parsed_required_gid;
>              break;
>            }
> 
> diff --git a/tests/chown/basic.sh b/tests/chown/basic.sh
> index faeeb82aa..2ccfd959d 100755
> --- a/tests/chown/basic.sh
> +++ b/tests/chown/basic.sh
> @@ -56,4 +56,13 @@ chown --no-dereference --from=0:1 2:010 slink || fail=1
>  # owner/group on the symlink should be changed
>  set _ $(ls -n slink); shift; test "$3:$4" = 2:10 || fail=1
> 
> +# Ensure two from are reported properly as error
> +returns_ 1 chown --from=0:0 --from=1:1 0 f > out 2>&1|| fail=1
> +printf "chown: from option provided multiple times\n" > exp
> +compare exp out || fail=1
> +
> +# Unless they set different attributes
> +chown --from=0 --from=:0 0 f  || fail=1
> +
> +
>  Exit $fail
> --
> 2.16.4
> 
> 

I'm inclined to agree with this patch,
as I can't see much use for overriding --from

thanks!
Pádraig
reply via email to
[Prev in Thread] Current Thread [Next in Thread]