On 16/12/2011 16:29, Jan Engelhardt wrote:
Hi,
chown(1) has a -h option by which it affects symlinks directly rather
than the pointed-to file. The bonus side effect is that the
pointed-to files don't get changed in any way, which is kinda welcome
if you attempt to "fix" permissions/ownership in
Hi,
chown(1) has a -h option by which it affects symlinks directly rather
than the pointed-to file. The bonus side effect is that the
pointed-to files don't get changed in any way, which is kinda welcome
if you attempt to fix permissions/ownership in a directory where an
evil user could create a
severity 10311 wishlist
thanks
Jan Engelhardt wrote:
Give chmod a -h option as well
There are several important points concerning symlinks, the mode bits,
chmod(1) and chmod(2).
* The mode bits of a symlink are not used. The original Unix authors
ignored them and did not provide any way to
On Friday 2011-12-16 18:30, Bob Proulx wrote:
chmod -R [does not] by default dereference[s] symlinks.
It does not? Oh, in that case the report may be closed.
This behavior is however inconsistent with what chown (and many other
tools) do by default though.
On 12/16/11 09:30, Bob Proulx wrote:
Neither chmod -R nor find by default dereference symlinks.
But there's still a problem without -R. Suppose the attacker does
ln -s /etc/passwd slylink and then root does chmod a+w *
in a directory containing slylink. Then anyone can write /etc/passwd.
On 12/16/2011 10:30 AM, Bob Proulx wrote:
severity 10311 wishlist
thanks
Jan Engelhardt wrote:
Give chmod a -h option as well
There are several important points concerning symlinks, the mode bits,
chmod(1) and chmod(2).
* The mode bits of a symlink are not used. The original Unix
Jan Engelhardt wrote:
Bob Proulx wrote:
chmod -R [does not] by default dereference[s] symlinks.
It does not? Oh, in that case the report may be closed.
Here is an example test case:
$ mkdir symlink-perm-test
$ cd symlink-perm-test
$ mkdir dir1 dir2
$ date dir1/datestamp
$ chmod
Eric Blake wrote:
Bob Proulx wrote:
* The mode bits of a symlink are not used. The original Unix authors
ignored them and did not provide any way to change them.
That's true for Linux, but false for BSD (where the mode bits of a
symlink can allow restriction on dereferencing through
On 12/16/2011 11:37 AM, Bob Proulx wrote:
Eric Blake wrote:
Bob Proulx wrote:
* The mode bits of a symlink are not used. The original Unix authors
ignored them and did not provide any way to change them.
That's true for Linux, but false for BSD (where the mode bits of a
symlink can allow
On 12/16/2011 12:04 PM, Eric Blake wrote:
It would be informative to myself and I expect others if you could
post an example of the behavior from a BSD system showing the
restriction through a symlink's permissions.
But I still remember reading about permissions affecting symlinks on at
10 matches
Mail list logo
