On Tue, 9 Jun 2009, Denys Vlasenko wrote: > Yes. It's logical. cp *copies files*. IOW: it *creates a copy > of an existing file*. Copy of a file should be a file. > > In this light, > > cp file symlink - should not write into linked file > cp file device - should not send file's bytes into the device
So, what you're saying is that you're in disagreement with gnu & co. Is that correct? > but both should either refuse to copy or delete 2nd param, > and create *an ordinary file*. Right. But, that's not real life. Don't get me wrong. I don't disagree with you. > Apart from that, "cp file symlink" is a security risk. > Think about this: > > cp /backup/home/joe/dissertation.htm /home/joe > > What if malicious Joe created /home/joe/dissertation.htm symlink > pointing to /etc/shadow? Or to /dev/sda1? But of course. Symlink attacks were not discovered yesterday. We keep getting daily (security) tips on how to keep away from them. Still... > I know that POSIX and friends do not do that. I do not know > why they chose to do stupid things and have security risks > instead of prescribing that cp is a copy operation. Ok. That's fine with me. What you're saying is the busybox behaviour is intentional. True? > If you want to dump bytes into an arbitrary entry in a directory, > the natural way is "cat >dest". Yes. Now how do we preach the gospel to the non-believers? POSIX and gnu folks? My collegues. Are Denys and Cristian the true prophets? ;-) Cheers, -- Cristian _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
