On Tue, Jun 9, 2009 at 10:57 PM, Cristian Ionescu-Idbohrn<[email protected]> wrote: > On Tue, 9 Jun 2009, Denys Vlasenko wrote: > >> Yes. It's logical. cp *copies files*. IOW: it *creates a copy >> of an existing file*. Copy of a file should be a file. >> >> In this light, >> >> cp file symlink - should not write into linked file >> cp file device - should not send file's bytes into the device > > So, what you're saying is that you're in disagreement with gnu & co. Is > that correct?
I am not entirely sure that I am right doing do, but in this case it's ugly enough that I do disagree. What do you think? Is it causing compat problems in real life? >> What if malicious Joe created /home/joe/dissertation.htm symlink >> pointing to /etc/shadow? Or to /dev/sda1? > > But of course. Symlink attacks were not discovered yesterday. We keep > getting daily (security) tips on how to keep away from them. Still... My point, being careful in running, for example, sed .... -i FILE and taking care that FILE is not replaced by a malicious symlink, is understandable. root usually doesn't do that in /home/joe anyway. But when root can't *just copy* a bunch of files to Joe's dir without having nightmares about bad boy Joe is... stupid. How is root supposed to do such a thing safely then?? cp *can* take care of this. Why it does not? > Now how do we preach the gospel to the non-believers? POSIX and gnu > folks? My collegues. Are Denys and Cristian the true prophets? ;-) If people will convince me that this is a real problem for them, I will change it. If it's just a crusade for standards... -- vda _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
