On Sun, Nov 08, 2009 at 07:13:25PM +0300, Michael Tokarev wrote:
[...]
> And as others in #debian pointed out the overlooked obvious, `chown -R'
> follows symlinks. So it's sufficient to put a symlink to /etc/passwd into
> /var/lib/nsd3 to get the system 0wned.
[...]
Not to downplay the original bug (removed from Cc), but have you
tested the above claim? This didn't match my recollection, so I
checked and found (at least using the one from coreutils under sid)
that chown doesn't follow either symlinks in the tree or even
specified as a parameter...
$ whoami
user1
$ mkdir foo bar
$ touch bar/baz
$ ln -s ../bar foo/xyzzy
$ ln -s ../bar/baz foo/plugh
$ sudo chown -R user2:user2 foo
$ ls -al bar
total 3
drwxr-xr-x 2 user1 user1 72 2009-11-08 17:15 .
drwx--x--x 38 user1 user1 2648 2009-11-08 17:14 ..
-rw-r--r-- 1 user1 user1 0 2009-11-08 17:15 baz
$ ls -al foo
total 3
drwxr-xr-x 2 user2 user2 96 2009-11-08 17:15 .
drwx--x--x 38 user1 user1 2648 2009-11-08 17:14 ..
lrwxrwxrwx 1 user2 user2 10 2009-11-08 17:15 plugh -> ../bar/baz
lrwxrwxrwx 1 user2 user2 6 2009-11-08 17:15 xyzzy -> ../bar
$ sudo chown -R user2:user2 foo/xyzzy
$ ls -al foo/xyzzy/
total 3
drwxr-xr-x 2 user1 user1 72 2009-11-08 17:15 .
drwx--x--x 38 user1 user1 2648 2009-11-08 17:14 ..
-rw-r--r-- 1 user1 user1 0 2009-11-08 17:15 baz
$ sudo chown -R user2:user2 foo/plugh
$ ls -al bar
total 3
drwxr-xr-x 2 user1 user1 72 2009-11-08 17:15 .
drwx--x--x 38 user1 user1 2648 2009-11-08 17:14 ..
-rw-r--r-- 1 user1 user1 0 2009-11-08 17:15 baz
Unless I'm missing something subtle, symbolic links shouldn't be a
concern here.
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fu...@yuggoth.org); IRC(fu...@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fu...@yuggoth.org);
MUD(fu...@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
