NetBSD Problem Report #13645

Received: (qmail 10521 invoked from network); 6 Aug 2001 23:49:16 -0000
Message-Id: <200108062353.f76NrCa00277@wh5041.stw.uni-rostock.de>
Date: Tue, 7 Aug 2001 01:53:12 +0200 (CEST)
From: Charlie Root <root@wh5041.stw.uni-rostock.de>
Reply-To: Christian Ruediger Bahls <cb064@wh5041.stw.uni-rostock.de>
To: gnats-bugs@gnats.netbsd.org
Subject: cp needs one more flag if used with filesystem flags
X-Send-Pr-Version: 3.95

>Number:         13645
>Category:       security
>Synopsis:       cp needs one more flag if used with filesystem flags
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    security-officer
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 06 23:50:01 +0000 2001
>Closed-Date:    Mon Aug 15 17:15:42 +0000 2005
>Last-Modified:  Mon Aug 15 17:15:42 +0000 2005
>Originator:     0
>Release:        NetBSD 1.5.1
>Organization:
University of Rostock
>Environment:
System: NetBSD wh5041 1.5.1 NetBSD 1.5.1 (CHRISTIANS) #0: Mon Aug 6 00:20:30 CEST 2001 root@wh5041:/usr/kame/netbsd/sys/arch/i386/compile/WH5041 i386


>Description:
	cp -p copies as much information as possible
	there is no flag to tell it not to copy filesystem-flags
	this makes security checking scripts
	fail too often (false positives)
	and prevents cron.daily from backing up /etc

>How-To-Repeat:
	do "chflags -R schg /etc"
	run cron.daily two times ..
	have a look at the error messages generated
	look into /var/backups
	ls -laro /var/backups

>Fix:
	give copy one more flag [this is left blank intentionally :)]
	so at least one can change the security scripts ..
	[it would be possible to change the scripts themselves
	 but this would impose new security issues]

>Release-Note:
>Audit-Trail:

From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@netbsd.org
Cc:  
Subject: re: security/13645
Date: Fri, 02 Apr 2004 20:22:27 +1000

 i wonder if this would be best solved by a patch to rub.subr:backup_file().

 for the "cp -p old new" cases i'd probably add an explicit
 "chflags nouchg,noschg,nouappnd,nosappnd $file" (anything else?) after
 the cp has run... no use in either rcs or cp'ed copies being unchangeable.

 .mrg.

From: Elad Efrat <elad@NetBSD.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: re: security/13645
Date: Sun, 14 Aug 2005 18:37:39 +0300


 I'm not sure how useful having an explicit chflags after the cp would
 be since several file flags can't be removed unless the machine is in
 single-user mode.

 Attached is a patch I suggest, adding a ``-b'' (backup) flag, that will
 simply not copy file flags.

 -e.

 -- 
 Elad Efrat
 PGP Key ID: 0x666EB914


 Index: cp.1
 ===================================================================
 RCS file: /cvsroot/src/bin/cp/cp.1,v
 retrieving revision 1.24
 diff -u -p -r1.24 cp.1
 --- cp.1	7 Aug 2003 09:05:02 -0000	1.24
 +++ cp.1	14 Aug 2005 15:43:38 -0000
 @@ -32,7 +32,7 @@
  .\"
  .\"	@(#)cp.1	8.3 (Berkeley) 4/18/94
  .\"
 -.Dd December 18, 2002
 +.Dd August 15, 2005
  .Dt CP 1
  .Os
  .Sh NAME
 @@ -45,7 +45,7 @@
  .Op Fl H | Fl L | Fl P
  .Oc
  .Op Fl f | i
 -.Op Fl pv
 +.Op Fl bpv
  .Ar source_file target_file
  .Nm cp
  .Oo
 @@ -53,7 +53,7 @@
  .Op Fl H | Fl L | Fl P
  .Oc
  .Op Fl f | i
 -.Op Fl pv
 +.Op Fl bpv
  .Ar source_file ... target_directory
  .Sh DESCRIPTION
  In the first synopsis form, the
 @@ -99,6 +99,9 @@ indirected through, and for
  to create special files rather than copying them as normal files.
  Created directories have the same mode as the corresponding source
  directory, unmodified by the process' umask.
 +.It Fl b
 +Backup mode, don't copy file flags. Has no effect unless used with
 +.Fl p .
  .It Fl f
  For each existing destination pathname, attempt to overwrite it.
  If permissions do not allow copy to succeed, remove it and create a new
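
Review bot: The new `.It Fl b` entry calls the option "Backup mode", but going by the utils.c change its only effect is to skip copying file flags, so the name promises more than the option does; describe it by its effect, for example "Do not copy file flags when used with -p". In mdoc source each sentence should also start on its own line, so "Has no effect unless used with" belongs on a new line rather than after "file flags."
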
 Index: cp.c
 ===================================================================
 RCS file: /cvsroot/src/bin/cp/cp.c,v
 retrieving revision 1.36
 diff -u -p -r1.36 cp.c
 --- cp.c	26 Jun 2005 19:10:48 -0000	1.36
 +++ cp.c	14 Aug 2005 15:43:39 -0000
 @@ -85,7 +85,7 @@ static char empty[] = "";
  PATH_T to = { to.p_path, empty };

  uid_t myuid;
 -int Rflag, fflag, iflag, pflag, rflag, vflag; 
 +int Rflag, fflag, iflag, pflag, rflag, vflag, bflag;
  mode_t myumask;

  enum op { FILE_TO_FILE, FILE_TO_DIR, DIR_TO_DNE };
 @@ -105,7 +105,7 @@ main(int argc, char *argv[])
  	(void)setlocale(LC_ALL, "");

  	Hflag = Lflag = Pflag = Rflag = 0;
 -	while ((ch = getopt(argc, argv, "HLPRfiprv")) != -1) 
 +	while ((ch = getopt(argc, argv, "HLPRbfiprv")) != -1) 
  		switch (ch) {
  		case 'H':
  			Hflag = 1;
 @@ -122,6 +122,9 @@ main(int argc, char *argv[])
  		case 'R':
  			Rflag = 1;
  			break;
 +		case 'b':
 +			bflag = 1;
 +			break;
  		case 'f':
  			fflag = 1;
  			iflag = 0;
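
Review bot: `case 'b'` sets bflag unconditionally, and nothing in this patch handles -b given without -p, so in that case the option is silently ignored. The man page hunk documents this, but a warning, or having -b imply -p, would be less surprising for scripts that rely on it. No hunk in this patch updates the usage message for the new option letter either.
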
 Index: extern.h
 ===================================================================
 RCS file: /cvsroot/src/bin/cp/extern.h,v
 retrieving revision 1.10
 diff -u -p -r1.10 extern.h
 --- extern.h	26 Jun 2005 19:10:48 -0000	1.10
 +++ extern.h	14 Aug 2005 15:43:39 -0000
 @@ -42,7 +42,7 @@ typedef struct {

  extern PATH_T to;
  extern uid_t myuid;
 -extern int eflag, fflag, iflag, pflag;
 +extern int eflag, fflag, iflag, pflag, bflag;
  extern mode_t myumask;

  #include <sys/cdefs.h>
 Index: utils.c
 ===================================================================
 RCS file: /cvsroot/src/bin/cp/utils.c,v
 retrieving revision 1.27
 diff -u -p -r1.27 utils.c
 --- utils.c	4 Jan 2004 16:04:18 -0000	1.27
 +++ utils.c	14 Aug 2005 15:43:39 -0000
 @@ -299,7 +299,7 @@ setfile(struct stat *fs, int fd)
  		rval = 1;
  	}

 -	if (!islink) {
 +	if (!islink && !bflag) {
  		/*
  		 * XXX
  		 * NFS doesn't support chflags; ignore errors unless
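
Review bot: In setfile(), `!islink && !bflag` skips the whole flags block, so with -b a destination that already exists keeps whatever flags it has. For the case in this PR, backup copies made earlier with plain `cp -p` may already carry schg and would stay unchangeable; that is worth stating in the man page or handling separately. A short comment beside the condition saying why bflag bypasses the chflags step would also help, since the existing XXX comment only talks about NFS.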


From: Elad Efrat <elad@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: PR/13645 CVS commit: src/bin/cp
Date: Mon, 15 Aug 2005 17:13:35 +0000 (UTC)

 Module Name:	src
 Committed By:	elad
 Date:		Mon Aug 15 17:13:35 UTC 2005

 Modified Files:
 	src/bin/cp: cp.1 cp.c extern.h utils.c

 Log Message:
 Add and document -N: When used with -p, it will not copy the file flags.
 PR 13645.


 To generate a diff of this commit:
 cvs rdiff -r1.24 -r1.25 src/bin/cp/cp.1
 cvs rdiff -r1.36 -r1.37 src/bin/cp/cp.c
 cvs rdiff -r1.10 -r1.11 src/bin/cp/extern.h
 cvs rdiff -r1.27 -r1.28 src/bin/cp/utils.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: elad@netbsd.org
State-Changed-When: Mon, 15 Aug 2005 17:15:42 +0000
State-Changed-Why:
Fixed, http://mail-index.netbsd.org/source-changes/2005/08/15/0048.html


>Unformatted:
