cpio bug - symlinks overwrite regular files
Rob Landley
rob at landley.net
Thu Jun 17 20:26:21 UTC 2010
On Friday 11 June 2010 07:59:41 LEVAI Daniel wrote:
> Hi!
>
> I've discovered a bug in busybox cpio:
>
> $ touch file # create a file
> $ chmod 6755 file # set the suid/sgid bit
> $ ln -sf file link # make a symlink to the file
> $ ls -la file link
> -rwsr-sr-x 1 daniell users 0 Jun 11 13:55:42 2010 file*
> lrwxrwxrwx 1 daniell users 4 Jun 11 13:55:49 2010 link@ -> file
> $ find file link |busybox cpio -ovHnewc > pack.cpio # package them
> $ rm -f file link # remove and ...
> $ busybox cpio -dimvu < pack.cpio # ... unpack the files
> $ ls -la file link # see what happened
> -rwxr-xr-x 1 daniell users 0 Jun 11 13:55:42 2010 file*
> lrwxrwxrwx 1 daniell users 4 Jun 11 13:55:49 2010 link@ -> file
>
>
> The setuid/setgid bits didn't get restored.
> It seems like the situation where one changes the mode bits prior to
> changing the owner/group on a file:

Could be.

This code is in archival/libunarchive/data_extract_all.c and shared with tar
and unzip and such. Does "tar xp" get it right?

> I couldn't find the corresponding cpio(1) code in the busybox source
> (although I must admit I didn't try very hard), but I also noticed
> another bug, which is kind of the same in sed(1):
> It changes the modes before the owners when editing files in place, so
> the setuid/setgid bits also get lost.

The gnu version of sed drops the permissions too. This seems intentional, and
like a good idea.

Rob
--
GPLv3: as worthy a successor as The Phantom Menace, as timely as Duke Nukem
Forever, and as welcome as New Coke.
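
The ordering question raised in this thread, as an added example that is not part of the original message and is not busybox code: it applies owner and mode to a file in both orders and reports the resulting permission bits. The function names, the /tmp path and the use of the caller's own uid/gid (so it runs unprivileged) are assumptions made for the example.

```c
#define _XOPEN_SOURCE 700 /* for mkstemp/fchown/fchmod under strict -std= */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Apply owner and mode to an open file in the chosen order and return the
 * resulting permission bits (or -1 on error). Hypothetical helper. */
static int apply_meta(int fd, uid_t uid, gid_t gid, mode_t mode, int chmod_first)
{
    struct stat st;

    if (chmod_first) {
        /* Order suspected in the report: a later chown may strip 06000. */
        if (fchmod(fd, mode) != 0 || fchown(fd, uid, gid) != 0)
            return -1;
    } else {
        /* Owner first, mode last: nothing runs after the mode is set. */
        if (fchown(fd, uid, gid) != 0 || fchmod(fd, mode) != 0)
            return -1;
    }
    if (fstat(fd, &st) != 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

/* Constructed scenario: empty temp file, chown to the caller's own ids
 * (no privilege needed), requested mode 06755 as in the report. */
int demo_restore(int chmod_first)
{
    char path[] = "/tmp/cpio-order-XXXXXX";
    int fd = mkstemp(path);
    int result;

    if (fd < 0)
        return -1;
    result = apply_meta(fd, geteuid(), getegid(), 06755, chmod_first);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("chown then chmod: %04o\n", (unsigned)demo_restore(0));
    printf("chmod then chown: %04o\n", (unsigned)demo_restore(1));
    return 0;
}
```

Whether the second line shows 0755 or 6755 depends on the kernel and filesystem; the first order keeps the requested bits either way.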