List: busybox
Subject: Re: cp bug?
From: Denys Vlasenko <vda.linux () googlemail ! com>
Date: 2008-03-30 22:32:43
Message-ID: 200803310032.43488.vda.linux () googlemail ! com
On Monday 31 March 2008 00:17, Bernd Petrovitsch wrote:
> > > > What will happen if user created malicious symlink
> > > > /home/user/somefile -> /dev/sda? Should cp STILL write to
> > > > symlink's target despite it being dangerous?
> > >
> > > Not necessarily - it could point to some harmless file (still being
> > > owned by that user).
> > >
> > > Why not "rm /home/user/somefile" before he "cp" if one absolutely cares?
> >
> > People who insist on "cp file /dev/something" acting as
> > "cat file >/dev/something" will scream murder and will hunt you,
>
> Sorry, I'm not sure I understand (as my question cou^Wshould have been
> better formulated).
>
> > and unfortunately they will have big heavy books with "POSIX"
> > on them as weapons. Lost fight.
>
> Just to make sure we speak of the same (and trying to improve the
> question):
> *If* one fears that sym-link problem of above, he/she can `rm` the
> target (possibly only if it is a sym-link) explicitly before and call
> then `cp` (or `cat >`).
Yes, this is a prudent thing to do. I just feel that it is sort of
strange that such a basic and essential utility as cp requires users
to know and remember these subtle security implications.
--
vda
_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox
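
The precaution discussed in this thread (remove the destination if it is a symlink, then copy), shown as an added example that is not part of the original messages or of BusyBox. The helper names `make_scene`, `replace_copy` and `demo` are hypothetical, and every path is constructed in a throwaway directory, with a regular file `victim` standing in for `/dev/sda`.

```shell
#!/bin/sh
# Added example. "victim" is a constructed stand-in for the link target.

# make_scene DIR: a source file, a victim file, and a planted symlink
# DIR/somefile -> DIR/victim.
make_scene() {
    mkdir -p "$1" || return 1
    printf 'new data\n' > "$1/src"
    printf 'precious\n' > "$1/victim"
    rm -f -- "$1/somefile"
    ln -s "$1/victim" "$1/somefile"
}

# replace_copy SRC DST: copy SRC to DST without writing through a symlink
# that is already present at DST.
replace_copy() {
    if [ -L "$2" ]; then
        # rm unlinks the symlink itself; its target is left untouched
        rm -f -- "$2" || return 1
    fi
    # Not atomic: a link that reappears between the rm and the cp
    # would be followed again.
    cp -- "$1" "$2"
}

# demo: run both variants on the same scene and report the victim's content.
demo() {
    d=$(mktemp -d) || return 1
    make_scene "$d"
    cp "$d/src" "$d/somefile"            # plain cp follows the link
    printf 'plain cp:     victim=%s\n' "$(cat "$d/victim")"
    make_scene "$d"
    replace_copy "$d/src" "$d/somefile"  # link removed first
    printf 'replace_copy: victim=%s\n' "$(cat "$d/victim")"
    rm -rf -- "$d"
}
demo
```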