On 12/28/2017 04:36 PM, Michael Orlitzky wrote:
> Does anyone mind if I reserve a CVE for this?

Of course not - but I doubt that we can do much about it: the chown(1) binary is just a wrapper around chown(2)/lchown(2), so whatever (other) utility uses these system calls in a recursive way will be prone to that trap.

I think the best way to handle this is to keep teaching sysadmins to avoid the --dereference option together with -R; usually "chown -R" with the default -P is probably good enough.

It would probably be good to add a clarifying sentence to the Texinfo documentation. Would you like to propose a sentence?

Have a nice day,
Berny
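
An added illustration, not part of the message above and not coreutils code: a point-in-time audit that lists the symlinks in a tree whose targets resolve outside it, which are the entries that dereferencing options combined with -R would reach. The function names and the sample tree are constructed for this example; GNU find and GNU readlink (-f) are assumed.

```shell
#!/bin/sh
# Audit helper (hypothetical name): print every symlink under a directory
# whose fully resolved target lies outside that directory. With the default
# -P a recursive chown does not traverse these links; with the dereferencing
# options they lead out of the tree.
# Limitation: file names containing newlines are not handled.
escaping_symlinks() {
    root=$(readlink -f -- "$1") || return 2
    find "$root" -type l | while IFS= read -r link; do
        # readlink -f fails on unresolvable links (e.g. symlink loops): skip them
        target=$(readlink -f -- "$link") || continue
        case "$target" in
            "$root"|"$root"/*) ;;                      # resolves inside the tree
            *) printf '%s -> %s\n' "$link" "$target" ;; # resolves outside the tree
        esac
    done
}

# Constructed sample tree: one link that stays inside, one that escapes.
# Prints the temporary base directory; the caller removes it afterwards.
make_demo_tree() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/tree/sub" "$base/elsewhere"
    : > "$base/tree/sub/data"
    : > "$base/elsewhere/secret"
    ln -s sub/data "$base/tree/inner"              # target inside the tree
    ln -s ../elsewhere/secret "$base/tree/outer"   # target outside the tree
    printf '%s\n' "$base"
}
```

The listing reflects the tree only at the moment it is scanned, so it complements the default -P behaviour rather than replacing it.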
