[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#15232: cp -i a/s b/s c
From: |
Bernhard Voelker |
Subject: |
bug#15232: cp -i a/s b/s c |
Date: |
Fri, 20 Sep 2013 08:21:48 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130329 Thunderbird/17.0.5 |
On 09/19/2013 11:02 PM, address@hidden wrote:
>> Jim Meyering <address@hidden> writes:
>
>> enough that without it, cp is vulnerable to a subtle type of exploit.
>
> Well some word about this should be in some footnote in the cp INFO manual.
It would be vulnerable "without it", as Jim wrote.
So I don't think the man or info pages are the right place.
We even have a test case for that:
http://git.sv.gnu.org/cgit/coreutils.git/tree/tests/cp/abuse.sh
BTW: I'm not sure if we're talking about two different things now:
The OP was talking about ordinary files a/s and b/s which leads to
cp: will not overwrite just-created 'c/s' with 'b/s'
whereas Jim is talking about a/s being a symlink which leads to
cp: will not copy 'b/s' through just-created symlink 'c/s'
Have a nice day,
Berny
- bug#15232: cp -i a/s b/s c, jidanni, 2013/09/01
- bug#15232: cp -i a/s b/s c, Pádraig Brady, 2013/09/01
- bug#15232: cp -i a/s b/s c, jidanni, 2013/09/01
- bug#15232: cp -i a/s b/s c, jidanni, 2013/09/19
- bug#15232: cp -i a/s b/s c,
Bernhard Voelker <=
- bug#15232: cp -i a/s b/s c, jidanni, 2013/09/20
- bug#15232: cp -i a/s b/s c, jidanni, 2013/09/20