Bugtraq mailing list archives
RE: Curious fileutils/coreutils behaviour.
From: Michael Wojcik <Michael.Wojcik () microfocus com>
Date: Fri, 14 May 2004 11:19:55 -0700
From: David Malone [mailto:dwmalone () cnri dit ie] Sent: Thursday, May 13, 2004 12:49 PM Solaris, AIX, and FreeBSD all seem to have less suprising behaviour for chown and chmod and provide a "-h" flag for chowning a symlink rather than its target. Fileutils also has a "-h" flag, but it is the default for chown, so you need to say "--dereference" to get it to operate on the target. While this choice of default isn't clearly wrong...
It's pretty clear to me that it's wrong. It's inconsistent (with the other utilities) and counterintuitive, which is a major security risk for a security-sensitive utility. Changing ownership of a symlink is rarely useful,(*) so it makes the less-desirable behavior the default. It operates differently from other implementations of the chown command, and requires a nonstandard and implausible flag to force the de facto standard behavior. That's three strikes against it; it's out. Of course, changing the default behavior could have adverse effects on shell scripts and slow learners, so simply correcting it is likely to cause some grief. IMO it's worth it in a case like this. (*)Contrary to the FAQ entry you cited, it is sometimes useful to change the ownership of a symlink. Since the owner of a symlink can be detected by a program, there can exist programs which depend on it. Consider a script which uses "find -user x" for some purpose, for example, or the behavior of directories with the sticky bit set. Also, there was recently a discussion of a real-world case on comp.unix.aix where the use of the -h flag behavior (change link rather than target) would have avoided unfortunate consequences. The text of the FAQ entry is a classic case of failing to consider all the consequences of an action and attending only to the most obvious ones - a common security error. -- Michael Wojcik Principal Software Systems Developer, Micro Focus
Current thread:
- Curious fileutils/coreutils behaviour. David Malone (May 14)
- Re: Curious fileutils/coreutils behaviour. Nicolas Rachinsky (May 14)
- <Possible follow-ups>
- RE: Curious fileutils/coreutils behaviour. Michael Wojcik (May 14)
- Re: Curious fileutils/coreutils behaviour. David Malone (May 14)
- Re: Curious fileutils/coreutils behaviour. Michael Shigorin (May 15)
- Re: Curious fileutils/coreutils behaviour. Luciano Miguel Ferreira Rocha (May 15)
- Re: Curious fileutils/coreutils behaviour. Martin (May 15)
- Re: Curious fileutils/coreutils behaviour. David Malone (May 14)