On Son, 2008-03-30 at 23:35 +0200, Denys Vlasenko wrote:
> On Sunday 30 March 2008 16:56, Bernd Petrovitsch wrote:
> > On Fre, 2008-03-28 at 17:27 +0100, Denys Vlasenko wrote:
> > [...]
> > > How can root use safely copy a file to user-owned directory?
> > >
> > > Obviously, "cp somefile /home/user/somefile"
> > >
> > > What will happen if user created malicious symlink
> > > /home/user/somefile -> /dev/sda? Should cp STILL write to
> > > symlink's target despite it being dangerous?
> >
> > Not necessarily - it could point to some harmless file (still being
> > owned by that user).
> >
> > Why not "rm /home/user/somefile" before he "cp" if one absolutely cares?
>
> People who insist on "cp file /dev/something" acting as
> "cat file >/dev/something" will scream murder and will hunt you,
Sorry, I'm not sure I understand (as my question cou^Wshould have been
better formulated).
> and unfortunately they will have big heavy books with "POSIX"
> on them as weapons. Lost fight.
Just to make sure we speak of the same (and trying to improve the
question):
*If* one fears that sym-link problem of above, he/she can `rm` the
target (possibly only if it is a sym-link) explicitly before and call
then `cp` (or `cat >`).
Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
_______________________________________________
busybox mailing list
[email protected]
http://busybox.net/cgi-bin/mailman/listinfo/busybox
