cpio bug - symlinks ovewrite regular files

Rob Landley rob at landley.net
Thu Jun 17 20:26:21 UTC 2010


On Friday 11 June 2010 07:59:41 LEVAI Daniel wrote:
> Hi!
>
> I've discovered a bug in busybox cpio:
>
> $ touch file		# create a file
> $ chmod 6755 file	# set the suid/sgid bit
> $ ln -sf file link	# make a symlink to the file
> $ ls -la file link
> -rwsr-sr-x  1 daniell  users  0 Jun 11 13:55:42 2010 file*
> lrwxrwxrwx  1 daniell  users  4 Jun 11 13:55:49 2010 link@ -> file
> $ find file link |busybox cpio -ovHnewc > pack.cpio	# package them
> $ rm -f file link	# remove and ...
> $ busybox cpio -dimvu < pack.cpio	# ... unpack the files
> $ ls -la file link	# see what happened
> -rwxr-xr-x  1 daniell  users  0 Jun 11 13:55:42 2010 file*
> lrwxrwxrwx  1 daniell  users  4 Jun 11 13:55:49 2010 link@ -> file
>
>
> The setuid/setgid bits didn't get restored.
> It seems like the situation where one changes the mode bits prior to
> changing the owner/group on a file:

Could be.

This code is in archival/libunarchive/data_extract_all.c and shared with tar 
and unzip and such.  Does "tar xp" get it right?

> I couldn't find the corresponding cpio(1) code in the busybox source
> (although I must admit I didn't try very hard), but I also noticed
> another bug, which is kind of the same in sed(1):
> It changes the modes before the owners when editing files in place, so
> the setuid/setgid bits are also gets lost.

The gnu version of sed drops the permissions too.  This seems intentional, and 
like a good idea.

Rob
-- 
GPLv3: as worthy a successor as The Phantom Meanace, as timely as Duke Nukem 
Forever, and as welcome as New Coke.


More information about the busybox mailing list