|Summary:||restoring a symlink changes owner/group of the target file|
|Product:||[Retired] Red Hat Linux||Reporter:||Chris Siebenmann <cks-rhbugzilla>|
|Component:||dump||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2000-02-03 18:44:09 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Chris Siebenmann 1999-11-05 10:33:06 UTC
When restore is restoring symlinks, it winds up changing the ownership and the group of the file the symlink points at, instead of the owner/group of the symlink itself. Reproduction: reproduction may be somewhat difficult, because you need to arrange that the symlink will be later in the dump than the file it points at. On many systems, doing (as a normal user) something like: cd /tmp; ln -s / foobar [root runs dump & restores somewhere] is likely to work -- but if you do this to test, remember to fix the ownership of / afterwards! I consider this a security issue because in multi-user environments where the operators or system administrators will restore deleted/lost files for people, a nasty user can exploit this to change the ownership of important system files such as /etc/passwd to themselves, eg: evil$ ln -s /etc/passwd src/important/test-3 [wait for a backup to run] evil$ rm -rf src/important evil$ mail -s 'restore request' root I've lost my $HOME/src/important source tree; can you restore it from backups? ^D [wait for restore...] evil$ vi /etc/passwd # time for root2 to appear Fix: use lchown() instead of chown() when restoring the ownership/group of symlinks.
Comment 1 bjn 2000-01-19 14:35:59 UTC
Apparently the author has seen this also; he says in the attached that all versions (including 0.3, used in RedHat 5.2) are vulnerable, and that 0.4b9 fixes it to use lchown(): http://lwn.net/1999/1111/a/dump.html Is a new RPM in the works?
Comment 2 Jeff Johnson 2000-01-19 14:50:59 UTC
lchown does not work on stock Red Hat 5.2 systems, so the "fix" is upgrading to Red Hat 6.0 (or upgrading glibc kernel and a bunch more).
Comment 3 Elliot Lee 2000-02-03 18:44:59 UTC
jbj indicates that this problem is solved in the current release.