GNU bug report logs -
#8752
cp: fchown called before fchmod, unable to set file mode
Message #8 received at 8752 <at> debbugs.gnu.org (full text, mbox):
On 05/28/11 06:10, Milan Novak wrote:
> I believe that cp uses wrong order of syscalls when applying target file
> attributes; fchown(2) is called before fchmod(2).
> As a result it loses access to target file and is unable to apply file mode
> correctly; error message is as follows
> "cp: preserving permissions for `target': Not owner"

The general idea in coreutils is given in the following
comment in lib/dirchownmod.c:

    /* On some systems, chown clears S_ISUID and S_ISGID, so do
       chown before chmod. On older System V hosts, ordinary
       users can give their files away via chown; don't worry
       about that here, since users shouldn't do that. */

HP-UX is one of the "older System V hosts" that by default allows
ordinary users to give their files away. This is a mild security
hole, so modern operating systems typically don't allow it.

To get this safer behavior on HP-UX, you can do something like the
following, as the superuser:

    # echo "-n CHOWN" >>/etc/privgroup
    # setprivgrp -f /etc/privgroup

I suppose coreutils might be modified to work in this (from our
point of view) dinosaurian environment, but it wouldn't be trivial,
since it's vital for the code to still work in the more-typical
case where one should chown before chmod.
If someone (maybe you?) could suggest a patch to coreutils that
fixes the problem on HP-UX and is easy to follow and that doesn't
break or slow down coreutils on typical systems, that'd be nice.
But I suspect you'd be better off disabling CHOWN as shown above,
as that's more secure; besides, coreutils is not the only package
that has problems with the default HP-UX settings.
For more on this please see:
http://lists.gnu.org/archive/html/bug-gzip/2007-06/msg00005.html
You might also want to look at HP's Bastille product: it's
free and it should improve your site's security (the above is one
of the hundreds of security holes it'll close).
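
The ordering issue in the quoted lib/dirchownmod.c comment, as an added example that is not part of the original message and is not coreutils code. The helper names and the scratch path are assumptions made for illustration; the file is "changed" to the caller's own uid and gid so that no privilege is needed.

```c
#define _XOPEN_SOURCE 700   /* expose mkstemp, fchown, fchmod */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: the order the quoted comment recommends.
   fchown may clear S_ISUID/S_ISGID, so fchmod runs last and the
   requested mode is what ends up on the file.
   Returns the resulting permission bits, or -1 on error. */
static int owner_then_mode(int fd, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    if (fchown(fd, uid, gid) != 0 || fchmod(fd, mode) != 0) return -1;
    if (fstat(fd, &st) != 0) return -1;
    return (int)(st.st_mode & 07777);
}

/* Hypothetical helper: the reverse order, for comparison only. */
static int mode_then_owner(int fd, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    if (fchmod(fd, mode) != 0 || fchown(fd, uid, gid) != 0) return -1;
    if (fstat(fd, &st) != 0) return -1;
    return (int)(st.st_mode & 07777);
}

/* Run one ordering on a scratch file, "changing" it to the caller's
   own uid/gid so that no privilege is needed. */
static int try_order(int (*apply)(int, uid_t, gid_t, mode_t), mode_t mode)
{
    char path[] = "/tmp/chown-order-XXXXXX";  /* constructed scratch path */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int bits = apply(fd, geteuid(), getegid(), mode);
    close(fd);
    unlink(path);
    return bits;
}

int main(void)
{
    int a = try_order(owner_then_mode, 04755);
    int b = try_order(mode_then_owner, 04755);
    if (a < 0 || b < 0) { perror("scratch file"); return 1; }
    printf("chown then chmod: %04o\n", (unsigned)a);
    printf("chmod then chown: %04o\n", (unsigned)b);
    return 0;
}
```

On Linux the second line typically prints 0755, because chown drops the set-user-ID bit from a regular file even when the owner does not change; whether it does so on other systems is platform-dependent.
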
This bug report was last modified 13 years and 357 days ago.