Re: Minor security issue in copying permission bits

[Lasse Collin]

Paul Eggert wrote:
> Lasse Collin <address@hidden> writes:
> > From practical point of view, the original owner always had all
> > permission to access the original file.
>
> True in the usual case, but is that true even with ACLs?  That's not
> clear to me.  The ACL rules can get pretty hairy.  But I digress....

To my understanding, this is true with the so called POSIX ACLs 
supported by at least Linux and FreeBSD. The POSIX ACL specification 
was abandoned so this type of ACLs are not officially standardized.

NFSv4 ACLs are more complex. I don't know if the above case is true with 
NFSv4 ACLs.

> > I wonder how many programs copy permission bits as is. For example,
> > "cp foo bar" copies permission bits but masks them with umask.
>
> That's the most common pattern.  Less common is "cp -p" style.

I noticed that "cp -p" doesn't copy GID if it cannot copy UID. The same 
applies to unpatched gzip. That's because fchown() fails and does 
nothing if it cannot set both UID and GID. I think it could be a good 
idea to either retry with UID = -1 if fchown() fails, or simply set UID 
and GID with separate fchown() calls. I understood that this change will 
be made to GNU coreutils too.

> > The programs that need to copy the owner, group and permissions,
> > would need some extra code to copy ACLs and EAs.
>
> Yes.  This stuff isn't standardized though.  Maybe when it's better
> supported we can add it to gzip.

Some userspace software like GNU coreutils support the so called POSIX 
ACLs already.

-- 
Lasse Collin  |  IRC: Larhzu @ IRCnet & Freenode