chown thru multiple directories
Vernon Schryver
vjs at rhyolite.wpd.sgi.com
Wed Jul 11 05:39:35 AEST 1990
In article <1990Jul10.105223.27591 at gorgo.ifi.unizh.ch>, meyer at gorgo.ifi.unizh.ch (Urs Meyer) writes:
> >
> >find /$startdir -exec chown $username "{}" \; -print
>
> WARNING:
> There is a security leak in this procedure if the super-user executes
> the find command. If a file in the user's directory tree is a
> (symbolic) link, the file pointed to by the link will change ownership
> and not the link itself. Therefore, if the user has a link to /etc/passwd,
> he will own is afterwards.
> This is true at least up to IRIX 3.2.1.
That statement is true in all BSD derived systems with BSD style symbolic
links. In other words, the statement above applies to all common UNIX
systems with symbolic links. If we changed it, a zillion people would get
on our case for being incompatible. Symbolic links would also be almost
useless.
> Omit at least the links in the find command:
>
> find /$startdir ! -type l -exec ...
>
> Or let the user copy his stuff using tar.
>
> I really don't like the way symbolic links are implemented in IRIX.
> But, there have been enough discussions on that topic.
>
> Urs Meyer ---------- meyer at ifi.unizh.ch, {uunet,...}!mcsun!cernvax!unizh!meyer
> University of Zurich, Dept of Computer Science, Multimedia Lab, CH-8057 Zurich
What if a user creates a hard link to /etc/passwd, and then asks that any
of the "find ..." commands be run? (E.g., "gee, I restored my tape into
/tmp. Please make the files usable") Please notice that "! -type l" will
not detect hard links.
There is another security hole in both versions if you have "." in root's
PATH before "/bin".
If you are concerned about such things, you might consider
find /$startdir ! -user 0 -print | xargs /bin/chown
This is inferior to `chown -R` in 3.3, but it or variations are incredibly
faster than `find ... exec` and close both security concerns. (Pointing
out xargs is my excuse for wasting everyone's time. Xargs is one of the
few good things in SVR2 that is not in BSD.)
Vernon Schryver
vjs at sgi.com
More information about the Comp.sys.sgi
mailing list