[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#35654: We've found a vulnerability of gnu chown, please check it and
|
From: |
st0n3 ss |
|
Subject: |
bug#35654: We've found a vulnerability of gnu chown, please check it and request a cve id for us. |
|
Date: |
Fri, 10 May 2019 08:28:47 +0800 |
I understand what you mean.
The manual tell me -h "affect symbolic links instead of any referenced
file", now you say A/B/C is not a symbolic link if B is a symbolic.
It's confusing, right?
Paul Eggert <address@hidden> 于2019年5月10日周五 上午4:01写道:
> I don't see any vulnerability here. The -h option of 'chown -h A/B/C'
> does not affect whether A and A/B are followed if they are symbolic
> links: they are always followed, regardless of whether the -h option is
> specified. The -h option affects only whether A/B/C is followed if A/B/C
> is a symbolic link. This is a well-known property of symbolic links.
>