Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Jan 2014 11:01:39 +0000
From: Laurent Bercot <>
Subject: Re: is wrong with

> umask 077
> cat < lib/ > /lib/ # /lib/ is created with mode 600
> mv -f /lib/ /lib/
> chmod 755 /lib/ # failed with "Permission denied"

  Very funny bug ^^
  I'm curious of the thought process behind that code:
  - why cat instead of cp ? I guess it's to avoid the implementation-defined behaviour
of cp wrt. rights of the destination file, whereas >'s behaviour is guaranteed.
  - but an explicit chmod is needed anyway.
  - why perform the chmod after the mv, since mv is guaranteed to be a rename() in that
case, the rights will be preserved ? Is there a possibility of someone abusing the
temp file if it is 0755, knowing it is owned by root anyway ?

  chmoding the temp file before the mv -f, instead of /lib/ at the end, looks
like the obvious and simplest fix, but I'm wondering whether I missed something.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.