diff options
author | Denis Vlasenko | 2007-09-11 16:28:14 +0000 |
---|---|---|
committer | Denis Vlasenko | 2007-09-11 16:28:14 +0000 |
commit | a9335eafcf113969e807d2aa4381cdd31051099f (patch) | |
tree | c37fcddd6653c94ff4b06ea7b64b48b209867f4d /libbb/copy_file.c | |
parent | fa05074eeed1a6a25393d4b466c7512112f39104 (diff) | |
download | busybox-a9335eafcf113969e807d2aa4381cdd31051099f.zip busybox-a9335eafcf113969e807d2aa4381cdd31051099f.tar.gz |
cp: make it a bit closer to POSIX, but still refuse to open and
write to dest which is a symlink.
Diffstat (limited to 'libbb/copy_file.c')
-rw-r--r-- | libbb/copy_file.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/libbb/copy_file.c b/libbb/copy_file.c index 86449f2..3da8a35 100644 --- a/libbb/copy_file.c +++ b/libbb/copy_file.c @@ -141,6 +141,8 @@ int copy_file(const char *source, const char *dest, int flags) bb_error_msg("target '%s' is not a directory", dest); return -1; } + /* race here: user can substitute a symlink between + * this check and actual creation of files inside dest */ } else { mode_t mode; saved_umask = umask(0); @@ -247,13 +249,13 @@ int copy_file(const char *source, const char *dest, int flags) return -1; /* POSIX way is a security problem versus symlink attacks, - * we do it only for dest's which are device nodes, - * and only for non-recursive, non-interactive cp. NB: it is still racy - * for "cp file /home/bad_user/device_node" case - * (user can rm device_node and create link to /etc/passwd) */ + * we do it only for non-symlinks, and only for non-recursive, + * non-interactive cp. NB: it is still racy + * for "cp file /home/bad_user/file" case + * (user can rm file and create a link to /etc/passwd) */ if (DO_POSIX_CP || (dest_exists && !(flags & (FILEUTILS_RECUR|FILEUTILS_INTERACTIVE)) - && (S_ISBLK(dest_stat.st_mode) || S_ISCHR(dest_stat.st_mode))) + && !S_ISLNK(dest_stat.st_mode)) ) { dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, source_stat.st_mode); } else /* safe way: */ |