bug#15232: cp -i a/s b/s c

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#15232: cp -i a/s b/s c

From:	Bernhard Voelker
Subject:	bug#15232: cp -i a/s b/s c
Date:	Fri, 20 Sep 2013 08:21:48 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130329 Thunderbird/17.0.5

On 09/19/2013 11:02 PM, address@hidden wrote:
>> Jim Meyering <address@hidden> writes:
> 
>> enough that without it, cp is vulnerable to a subtle type of exploit.
> 
> Well some word about this should be in some footnote in the cp INFO manual.

It would be vulnerable "without it", as Jim wrote.
So I don't think the man or info pages are the right place.
We even have a test case for that:
http://git.sv.gnu.org/cgit/coreutils.git/tree/tests/cp/abuse.sh

BTW: I'm not sure if we're talking about two different things now:
The OP was talking about ordinary files a/s and b/s which leads to

  cp: will not overwrite just-created 'c/s' with 'b/s'

whereas Jim is talking about a/s being a symlink which leads to

  cp: will not copy 'b/s' through just-created symlink 'c/s'

Have a nice day,
Berny

[Prev in Thread]

Current Thread

[Next in Thread]

bug#15232: cp -i a/s b/s c, jidanni, 2013/09/01
- bug#15232: cp -i a/s b/s c, Pádraig Brady, 2013/09/01
- bug#15232: cp -i a/s b/s c, jidanni, 2013/09/01
  - bug#15232: cp -i a/s b/s c, Bob Proulx, 2013/09/18
    - bug#15232: cp -i a/s b/s c, Jim Meyering, 2013/09/19
- bug#15232: cp -i a/s b/s c, jidanni, 2013/09/19
  - bug#15232: cp -i a/s b/s c, Bernhard Voelker <=
- bug#15232: cp -i a/s b/s c, jidanni, 2013/09/20
  - bug#15232: cp -i a/s b/s c, Bernhard Voelker, 2013/09/20
- bug#15232: cp -i a/s b/s c, jidanni, 2013/09/20

Prev by Date: bug#15421: RFE: 'id +NNN' for getting group data from a uid rather than username
Next by Date: bug#15232: cp -i a/s b/s c
Previous by thread: bug#15232: cp -i a/s b/s c
Next by thread: bug#15232: cp -i a/s b/s c
Index(es):
- Date
- Thread