emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cp: fix -i for POSIX mode. Closes 9106

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2016-08-13 23:23:48 +02:00
parent 150dc7a2b4
commit 98c50f93fe
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libbb/copy_file.c
View File

@ -296,11 +296,16 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
if (!S_ISREG(source_stat.st_mode)) if (!S_ISREG(source_stat.st_mode))
new_mode = 0666; new_mode = 0666;
// POSIX way is a security problem versus (sym)link attacks if (ENABLE_FEATURE_NON_POSIX_CP || (flags & FILEUTILS_INTERACTIVE)) {
if (!ENABLE_FEATURE_NON_POSIX_CP) { /*
dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, new_mode); * O_CREAT|O_EXCL: require that file did not exist before creation
} else { /* safe way: */ */
dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, new_mode); dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, new_mode);
} else { /* POSIX, and not "cp -i" */
/*
* O_CREAT|O_TRUNC: create, or truncate (security problem versus (sym)link attacks)
*/
dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, new_mode);
} }
if (dst_fd == -1) { if (dst_fd == -1) {
ovr = ask_and_unlink(dest, flags); ovr = ask_and_unlink(dest, flags);