Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Jan 2020 09:15:57 -0500
From: Rich Felker <>
Subject: coreutils cp mishandles error return from lchmod

cp (and perhaps other utilities) are treating EOPNOTSUPP from lchmod
as a hard error rather than an indication that the system does not
support modes for symlinks. This recently came up on where users are claiming recent
changes to gnulib made the problem go away, but I'm not sure what the
mechanism was, since the underlying problem is still there. Users only
hit the problem on cross-compiling, presumably due to logic in how
gnulib replaces lchmod, and due to gnulib's replacement wrongly
following symlinks (it just #defines it to chmod). gnulib documents
that the caller must check before calling lchmod that the file is not
a symlink, but this is unsafe in the presence of race conditions,

While lchmod is not a standard function, fchmodat with
AT_SYMLINK_NOFOLLOW is, and specifies EOPNOTSUPP for the case where
the system does not support modes on symlinks. musl provides lchmod as
a simple wrapper for this, yielding a version that is safe.

coreutils should be opting to use the system-provided lchmod, which is
safe, and correctly handling error returns (silently treating
EOPNOTSUPP as success) rather than as hard errors.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.