bug in permissions on symlinks

Cameron Simpson cs at zip.com.au
Fri Dec 7 11:33:41 EST 2001 

On Thu, Dec 06, 2001 at 09:06:10AM -0600, Dave Dykstra <dwd at bell-labs.com> wrote:
| On Fri, Dec 07, 2001 at 12:58:31AM +1100, Cameron Simpson wrote:
| > Not so. The sunos4 boxen don't have lchown()
| 
| You're right.  However, the chown man page says it doesn't follow symlinks:
| 
|      If the final component of path is a symbolic link, the  own-
|      ership  and  group  of the symbolic link is changed, not the
|      ownership and group of the file or  directory  to  which  it
|      points.

Hmm.

| > Another counter example - Apollo symlinks were special directory entries,
| > not objects with inodes, and chowning them was meaningless. SInce the
| > target permissions were always enough anyway (permissions on a symlinks
| > can be trivially bypassed by opening the full path, and symlinks are
| > not writable themself - only creatable), so inodeless implementations
| > are both feasible and sensible.
| 
| Does anybody run rsync on Apollo?

Hell, they run it on Windoze :-( I know what I'd rather use.

Still, that's not the point - the point is that it's dangerous.

| > Please - if there's no lchown DO NOT chown symlinks. It is silently
| > destructive.
| I say let's don't bother to change it unless somebody reports a problem.

Please don't take this path - ownerships on symlinks are a pretty
meaningless concept and they day you run into a system like SysV but which
doesn't have (or hides) its lchown rsync _will_ start damaging things
nastily the day someone copies a tree with symlinks off into other places.
It's like a timebomb.

Imagine some simple auth system using the system password file, secure
in the knowledge it's running unpriviledged and thus safe to symlink
/etc/passwd into the config dir? Then updating their distro with
rsync-as-root from some master server.

Why _not_ take the conservation approach "unless somebody reports a
problem" [sic]?
-- 
Cameron Simpson, DoD#743        cs at zip.com.au    http://www.zip.com.au/~cs/

... It beeped and said "Countdown initiated." Is that bad?

More information about the rsync mailing list