Re: security bug in cp(1)

Paul Eggert <[EMAIL PROTECTED]> wrote: > Maybe the NEWS file should be changed? Something like this? > > 2007-08-17 Paul Eggert <[EMAIL PROTECTED]> > > * NEWS: The old cp -p bug affected coreutils releases before 6.0. > Problem reported by Soren Spies in >

Re: security bug in cp(1)

Eric Blake <[EMAIL PROTECTED]> writes: > According to Soren Spies on 8/16/2007 8:16 PM: >> I just noticed that cp -p doesn't update the group on a file before >> writing data into the target. That means that during the copy, users >> you didn't intend to be able to read the file can read the file

Re: security bug in cp(1)

Eric Blake wrote: > Soren Spies wrote: > > gnu.org's fileutils page > > () > > has a link to bugs but it leads to a file-not-found page. :P > > fileutils is obsolete, ever since it was folded into coreutils. Note that the http

Re: security bug in cp(1)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 According to Soren Spies on 8/16/2007 8:16 PM: > I just noticed that cp -p doesn't update the group on a file before > writing data into the target. That means that during the copy, users > you didn't intend to be able to read the file can read the fi

security bug in cp(1)

I just noticed that cp -p doesn't update the group on a file before writing data into the target. That means that during the copy, users you didn't intend to be able to read the file can read the file. Running running Debian GNU/Linux 4.0 (etch) on i686. techhouse-0:/scratch/soren=> ls -l spool.