Hi Michael, thanks for that 2nd patch as well.
On 12/28/2017 09:52 PM, Michael Orlitzky wrote:
--- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -1427,6 +1427,9 @@ a command line argument is a symbolic link to a directory, traverse it. @cindex symbolic link to directory, traverse each that is encountered In a recursive traversal, traverse every symbolic link to a directory that is encountered. +This option creates a security risk: an attacker may be able to +introduce a symlink that reorders the directory traversal, resulting +in the operation being performed on an arbitrary path of his choosing.
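Review bot: In the three added lines, "reorders the directory traversal" does not tell the reader what actually goes wrong, and the sentence names no condition under which the risk exists. Consider saying that if another user can write to a directory inside the hierarchy being traversed, they can place a symlink to a directory there, the symlink will be followed, and the operation is then applied to files outside that hierarchy. "of his choosing" would also read better as "of the attacker's choosing".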
I'm not a native English speaker, and somehow this "reorders the directory traversal" thing confuses me, so I doubt that a regular user will find this sufficiently explanatory.

The point is that the attacker can create a symlink during the run of chown/chgrp which would then be followed and chown/chgrp would operate on the symlink target ... which in turn may not be what the calling user - usually 'root' on GNU/Linux systems - was expecting when starting the tool.

Can you find some better words along the above lines?

Thanks & have a nice day,
Berny
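The effect described in the message above, as an added example that is not part of the original thread or of coreutils: a recursive walk is modelled with Python's `os.walk`, and the paths it would act on are compared with and without following symlinks to directories. The tree, the file names and the helper functions are constructed for illustration, and the symlink is already in place before the walk starts instead of being created during the run.

```python
import os
import tempfile

def touched_paths(root, follow_symlinks):
    """Real paths a recursive operation rooted at `root` would act on."""
    root = os.path.realpath(root)
    touched = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=follow_symlinks):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) and not follow_symlinks:
                touched.append(path)  # act on the link itself
            else:
                touched.append(os.path.realpath(path))  # act on the target
    return touched

def outside_root(root, paths):
    """Subset of `paths` that does not lie under `root`."""
    root = os.path.realpath(root)
    return [p for p in paths if os.path.commonpath([root, p]) != root]

def demo():
    """Constructed tree: tree/link -> outside, which holds secret.txt."""
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        tree = os.path.join(base, "tree")
        outside = os.path.join(base, "outside")
        os.mkdir(tree)
        os.mkdir(outside)
        open(os.path.join(tree, "data.txt"), "w").close()
        open(os.path.join(outside, "secret.txt"), "w").close()
        os.symlink(outside, os.path.join(tree, "link"))
        result = {}
        for follow in (True, False):
            escaped = outside_root(tree, touched_paths(tree, follow))
            result[follow] = sorted(os.path.relpath(p, base) for p in escaped)
        return result

if __name__ == "__main__":
    for follow, escaped in demo().items():
        print("follow symlinks:", follow, "-> paths outside the tree:", escaped)
```

When symlinks are followed, the walk reaches `outside` and `outside/secret.txt` even though it was started on `tree`; when they are not followed, nothing outside `tree` is touched.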
