Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!ames!sgi!vjs@rhyolite.wpd.sgi.com From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver) Newsgroups: comp.sys.sgi Subject: Re: chown thru multiple directories Message-ID: <63743@sgi.sgi.com> Date: 10 Jul 90 19:39:35 GMT References: <9007072013.AA25848@mcirps2.med.nyu.edu> <1990Jul10.105223.27591@gorgo.ifi.unizh.ch> Sender: vjs@rhyolite.wpd.sgi.com Organization: Silicon Graphics, Inc., Mountain View, CA Lines: 52 In article <1990Jul10.105223.27591@gorgo.ifi.unizh.ch>, meyer@gorgo.ifi.unizh.ch (Urs Meyer) writes: > > > >find /$startdir -exec chown $username "{}" \; -print > > WARNING: > There is a security leak in this procedure if the super-user executes > the find command. If a file in the user's directory tree is a > (symbolic) link, the file pointed to by the link will change ownership > and not the link itself. Therefore, if the user has a link to /etc/passwd, > he will own is afterwards. > This is true at least up to IRIX 3.2.1. That statement is true in all BSD derived systems with BSD style symbolic links. In other words, the statement above applies to all common UNIX systems with symbolic links. If we changed it, a zillion people would get on our case for being incompatible. Symbolic links would also be almost useless. > Omit at least the links in the find command: > > find /$startdir ! -type l -exec ... > > Or let the user copy his stuff using tar. > > I really don't like the way symbolic links are implemented in IRIX. > But, there have been enough discussions on that topic. > > Urs Meyer ---------- meyer@ifi.unizh.ch, {uunet,...}!mcsun!cernvax!unizh!meyer > University of Zurich, Dept of Computer Science, Multimedia Lab, CH-8057 Zurich What if a user creates a hard link to /etc/passwd, and then asks that any of the "find ..." commands be run? (E.g., "gee, I restored my tape into /tmp. Please make the files usable") Please notice that "! -type l" will not detect hard links. There is another security hole in both versions if you have "." in root's PATH before "/bin". If you are concerned about such things, you might consider find /$startdir ! -user 0 -print | xargs /bin/chown This is inferior to `chown -R` in 3.3, but it or variations are incredibly faster than `find ... exec` and close both security concerns. (Pointing out xargs is my excuse for wasting everyone's time. Xargs is one of the few good things in SVR2 that is not in BSD.) Vernon Schryver vjs@sgi.com