Bug#841371: /usr/bin/install: should use fchown, fchmod
On Thu, Oct 20, 2016 at 10:30:46AM +1100, Paul Szabo wrote: > Package: coreutils > Version: 8.23-4 > Severity: important > File: /usr/bin/install > > > The install command is vulnerable to a race condition. > > If used by root to create a file in a directory writable to users or > groups other than root, then after install creates the file, the file > just created could be replaced by a symlink: then lchown() would act on > the symlink itself, and chmod() would act on the target of the symlink. > > Seems it would be better for install to use fchown() and fchmod(): > safer, more robust, and maybe more efficient. > > > Using strace shows that install does: > > open("target", O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 4 > [write content with write(4,...)] ... > fchmod(4, 0600) = 0 > close(4)= 0 > > lchown32("target", UID, GID)= 0 > chmod("target", MODE) = 0 > > > The last two commands should be changed into fchown() and fchmod(), > and moved to be prior to the close(). > > > Would it help it I submitted patches? Please do. Thanks, Moritz
Bug#841371: /usr/bin/install: should use fchown, fchmod
Package: coreutils Version: 8.23-4 Severity: important File: /usr/bin/install The install command is vulnerable to a race condition. If used by root to create a file in a directory writable to users or groups other than root, then after install creates the file, the file just created could be replaced by a symlink: then lchown() would act on the symlink itself, and chmod() would act on the target of the symlink. Seems it would be better for install to use fchown() and fchmod(): safer, more robust, and maybe more efficient. Using strace shows that install does: open("target", O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 4 [write content with write(4,...)] ... fchmod(4, 0600) = 0 close(4)= 0 lchown32("target", UID, GID)= 0 chmod("target", MODE) = 0 The last two commands should be changed into fchown() and fchmod(), and moved to be prior to the close(). Would it help it I submitted patches? Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- System Information: Debian Release: 8.6 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (x86_64) Kernel: Linux 3.16.7-ckt20-pk07.18-amd64 (SMP w/32 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages coreutils depends on: ii libacl1 2.2.52-2 ii libattr1 1:2.4.47-2 ii libc62.19-18+deb8u6 ii libselinux1 2.3-2 coreutils recommends no packages. coreutils suggests no packages. -- no debconf information