On 01/03/2018 06:17 PM, Michael Orlitzky wrote:
> * doc/coreutils.texi: In both chown and chgrp (which shares
> its code with chown), operating on symlinks recursively
> has a window of vulnerability where the destination user
> or group can change the target of the operation. This commit
> warns about combining the --dereference, --recursive, and -L
> flags.
> +This option creates a security risk. In the presence of symlinks, the > +traversal is not guaranteed to be performed depth-first. As a result, > +there is a race condition: an attacker may be able to introduce a > +symlink at a point in the traversal that has yet to be reached. When > +it is reached, the operation will be performed on the target of that, > +symlink, possibly allowing the attacker to escalate his privileges. If others like the wording, you need a grammar fix: s/that, symlink,/that symlink,/ -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
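Review bot: The opening sentence of the added paragraph, "This option creates a security risk.", states the risk unconditionally, while the commit message scopes it to combining --dereference, --recursive, and -L. The sentence should say that the risk arises when the option is used in a recursive traversal of a tree that another user can modify, so that a reader of the manual alone sees the condition. The paragraph also stops at the consequence ("possibly allowing the attacker to escalate his privileges") without saying what to do about it; a closing sentence advising against that combination on such trees would make the warning actionable. "escalate his privileges" can be shortened to "escalate privileges".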
