|
From: | Paul Eggert |
Subject: | bug#35654: We've found a vulnerability of gnu chown, please check it and request a cve id for us. |
Date: | Thu, 9 May 2019 13:01:49 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 |
I don't see any vulnerability here. The -h option of 'chown -h A/B/C' does not affect whether A and A/B are followed if they are symbolic links: they are always followed, regardless of whether the -h option is specified. The -h option affects only whether A/B/C is followed if A/B/C is a symbolic link. This is a well-known property of symbolic links.
[Prev in Thread] | Current Thread | [Next in Thread] |