GNU bug report logs - #15232
cp: "-i a/s b/s c" ask for confirmation then still fails

Previous Next

Package: coreutils;

Reported by: jidanni <at> jidanni.org

Date: Sun, 1 Sep 2013 07:40:01 UTC

Severity: wishlist

Tags: confirmed

Full log

View this message in rfc822 format

From: Bernhard Voelker <mail <at> bernhard-voelker.de>
To: jidanni <at> jidanni.org
Cc: 15232 <at> debbugs.gnu.org, jim <at> meyering.net, bob <at> proulx.com
Subject: bug#15232: cp -i a/s b/s c
Date: Fri, 20 Sep 2013 08:21:48 +0200

On 09/19/2013 11:02 PM, jidanni <at> jidanni.org wrote:
>> Jim Meyering <jim <at> meyering.net> writes:
> 
>> enough that without it, cp is vulnerable to a subtle type of exploit.
> 
> Well some word about this should be in some footnote in the cp INFO manual.

It would be vulnerable "without it", as Jim wrote.
So I don't think the man or info pages are the right place.
We even have a test case for that:
http://git.sv.gnu.org/cgit/coreutils.git/tree/tests/cp/abuse.sh

BTW: I'm not sure if we're talking about two different things now:
The OP was talking about ordinary files a/s and b/s which leads to

  cp: will not overwrite just-created 'c/s' with 'b/s'

whereas Jim is talking about a/s being a symlink which leads to

  cp: will not copy 'b/s' through just-created symlink 'c/s'

Have a nice day,
Berny
This bug report was last modified 6 years and 299 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.