GNU bug report logs - #12947
[brlink@debian.org: Bug#598018: install: temporary insecure file permissions]

Previous Next

Package: coreutils;

Reported by: Samuel Bronson <naesten <at> gmail.com>

Date: Tue, 20 Nov 2012 19:07:01 UTC

Severity: normal

Tags: patch, security

Found in version 8.5

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

Message #10 received at 12947-done <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Samuel Bronson <naesten <at> gmail.com>
Cc: 598018 <at> bugs.debian.org, 12947-done <at> debbugs.gnu.org,
	"Bernhard R. Link" <brlink <at> debian.org>
Subject: Re: bug#12947: [brlink <at> debian.org: Bug#598018: install: temporary
	insecure file permissions]
Date: Tue, 20 Nov 2012 13:20:45 -0800

Thanks, I installed this patch into the coreutils master branch,
and I'm marking the upstream coreutils bug as done.

From 7ee71d9ddad1435bbea00779bcd4c62482ea3473 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert <at> cs.ucla.edu>
Date: Tue, 20 Nov 2012 13:15:34 -0800
Subject: [PATCH] install: fix security race

* src/copy.c (copy_internal): Use DST_MODE_BITS, not SRC_MODE.
See Bernhard R. Link in <http://bugs.gnu.org/12947> and in
<http://bugs.debian.org/598018>.
---
 src/copy.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/copy.c b/src/copy.c
index 16aed03..7a35414 100644
--- a/src/copy.c
+++ b/src/copy.c
@@ -2394,8 +2394,13 @@ copy_internal (char const *src_name, char const *dst_name,
       /* POSIX says the permission bits of the source file must be
          used as the 3rd argument in the open call.  Historical
          practice passed all the source mode bits to 'open', but the extra
-         bits were ignored, so it should be the same either way.  */
-      if (! copy_reg (src_name, dst_name, x, src_mode & S_IRWXUGO,
+         bits were ignored, so it should be the same either way.
+
+         This call uses DST_MODE_BITS, not SRC_MODE.  These are
+         normally the same, and the exception (where x->set_mode) is
+         used only by 'install', which POSIX does not specify and
+         where DST_MODE_BITS is what's wanted.  */
+      if (! copy_reg (src_name, dst_name, x, dst_mode_bits & S_IRWXUGO,
                       omitted_permissions, &new_dst, &src_sb))
         goto un_backup;
     }
-- 
1.7.11.7
This bug report was last modified 12 years and 182 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.