summaryrefslogtreecommitdiff
path: root/libbb
diff options
context:
space:
mode:
authorDenis Vlasenko2007-09-11 10:39:13 +0000
committerDenis Vlasenko2007-09-11 10:39:13 +0000
commitfa05074eeed1a6a25393d4b466c7512112f39104 (patch)
tree5032b21d6c04f915069da7b94e009c50c8674305 /libbb
parent976690afe0b376c580dd2756e6d8eafe1317a011 (diff)
downloadbusybox-fa05074eeed1a6a25393d4b466c7512112f39104.zip
busybox-fa05074eeed1a6a25393d4b466c7512112f39104.tar.gz
cp: make "cp file /dev/node" special case; explained in comments
function old new delta copy_file 1487 1538 +51 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/0 up/down: 51/0) Total: 51 bytes text data bss dec hex filename 772502 1051 10724 784277 bf795 busybox_old 772554 1051 10724 784329 bf7c9 busybox_unstripped
Diffstat (limited to 'libbb')
-rw-r--r--libbb/copy_file.c22
1 files changed, 15 insertions, 7 deletions
diff --git a/libbb/copy_file.c b/libbb/copy_file.c
index efb969f..86449f2 100644
--- a/libbb/copy_file.c
+++ b/libbb/copy_file.c
@@ -19,6 +19,9 @@
// (or fail, if it points to dir/nonexistent location/etc).
// This is strange, but POSIX-correct.
// coreutils cp has --remove-destination to override this...
+//
+// NB: we have special code which still allows for "cp file /dev/node"
+// to work POSIX-ly (the only realistic case where it makes sense)
#define DO_POSIX_CP 0 /* 1 - POSIX behavior, 0 - safe behavior */
@@ -243,13 +246,18 @@ int copy_file(const char *source, const char *dest, int flags)
if (src_fd < 0)
return -1;
-#if DO_POSIX_CP /* POSIX way (a security problem versus symlink attacks!): */
- dst_fd = open(dest, (flags & FILEUTILS_INTERACTIVE)
- ? O_WRONLY|O_CREAT|O_EXCL
- : O_WRONLY|O_CREAT|O_TRUNC, source_stat.st_mode);
-#else /* safe way: */
- dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, source_stat.st_mode);
-#endif
+ /* POSIX way is a security problem versus symlink attacks,
+ * we do it only for dest's which are device nodes,
+ * and only for non-recursive, non-interactive cp. NB: it is still racy
+ * for "cp file /home/bad_user/device_node" case
+ * (user can rm device_node and create link to /etc/passwd) */
+ if (DO_POSIX_CP
+ || (dest_exists && !(flags & (FILEUTILS_RECUR|FILEUTILS_INTERACTIVE))
+ && (S_ISBLK(dest_stat.st_mode) || S_ISCHR(dest_stat.st_mode)))
+ ) {
+ dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, source_stat.st_mode);
+ } else /* safe way: */
+ dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, source_stat.st_mode);
if (dst_fd == -1) {
ovr = ask_and_unlink(dest, flags);
if (ovr <= 0) {