On Monday 31 March 2008 00:17, Bernd Petrovitsch wrote: > > > > What will happen if user created malicious symlink > > > > /home/user/somefile -> /dev/sda? Should cp STILL write to > > > > symlink's target despite it being dangerous? > > > > > > Not necessarily - it could point to some harmless file (still being > > > owned by that user). > > > > > > Why not "rm /home/user/somefile" before he "cp" if one absolutely cares? > > > > People who insist on "cp file /dev/something" acting as > > "cat file >/dev/something" will scream murder and will hunt you, > > Sorry, I'm not sure I understand (as my question cou^Wshould have been > better formulated). > > > and unfortunately they will have big heavy books with "POSIX" > > on them as weapons. Lost fight. > > Just to make sure we speak of the same (and trying to improve the > question): > *If* one fears that sym-link problem of above, he/she can `rm` the > target (possibly only if it is a sym-link) explicitly before and call > then `cp` (or `cat >`).
Yes, this is a prudent thing to do. I just feel that it is sort of strange that such a basic and essential utility as cp requires users to know and remember these subtle security implications. -- vda _______________________________________________ busybox mailing list [email protected] http://busybox.net/cgi-bin/mailman/listinfo/busybox
