From b9ad75fa602dd72b042b2ea08ce86da50746ab30 Mon Sep 17 00:00:00 2001 From: Denis Vlasenko Date: Fri, 28 Mar 2008 17:49:31 +0000 Subject: copy_file: handle "cp /dev/foo file" (almost) compatibly to coreutils. (almost because we do not copy mode, which is probably wasn't intended). +61 bytes. --- libbb/copy_file.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) (limited to 'libbb/copy_file.c') diff --git a/libbb/copy_file.c b/libbb/copy_file.c index d37d51562..3b83e1216 100644 --- a/libbb/copy_file.c +++ b/libbb/copy_file.c @@ -81,6 +81,7 @@ int copy_file(const char *source, const char *dest, int flags) signed char dest_exists = 0; signed char ovr; +/* Inverse of cp -d ("cp without -d") */ #define FLAGS_DEREF (flags & FILEUTILS_DEREFERENCE) if ((FLAGS_DEREF ? stat : lstat)(source, &source_stat) < 0) { @@ -229,12 +230,22 @@ int copy_file(const char *source, const char *dest, int flags) return 0; } - if (S_ISREG(source_stat.st_mode) - /* DEREF uses stat, which never returns S_ISLNK() == true. */ + if (/* "cp thing1 thing2" without -R: just open and read() from thing1 */ + !(flags & FILEUTILS_RECUR) + /* "cp [-opts] regular_file thing2" */ + || S_ISREG(source_stat.st_mode) + /* DEREF uses stat, which never returns S_ISLNK() == true. + * So the below is never true: */ /* || (FLAGS_DEREF && S_ISLNK(source_stat.st_mode)) */ ) { int src_fd; int dst_fd; + mode_t new_mode; + + if (!FLAGS_DEREF && S_ISLNK(source_stat.st_mode)) { + /* "cp -d symlink dst": create a link */ + goto dont_cat; + } if (ENABLE_FEATURE_PRESERVE_HARDLINKS && !FLAGS_DEREF) { const char *link_target; @@ -258,18 +269,24 @@ int copy_file(const char *source, const char *dest, int flags) if (src_fd < 0) return -1; + /* Do not try to open with weird mode fields */ + new_mode = source_stat.st_mode; + if (!S_ISREG(source_stat.st_mode)) + new_mode = 0666; + /* POSIX way is a security problem versus symlink attacks, * we do it only for non-symlinks, and only for non-recursive, * non-interactive cp. NB: it is still racy * for "cp file /home/bad_user/file" case * (user can rm file and create a link to /etc/passwd) */ if (DO_POSIX_CP - || (dest_exists && !(flags & (FILEUTILS_RECUR|FILEUTILS_INTERACTIVE)) + || (dest_exists + && !(flags & (FILEUTILS_RECUR|FILEUTILS_INTERACTIVE)) && !S_ISLNK(dest_stat.st_mode)) ) { - dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, source_stat.st_mode); + dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, new_mode); } else /* safe way: */ - dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, source_stat.st_mode); + dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, new_mode); if (dst_fd == -1) { ovr = ask_and_unlink(dest, flags); if (ovr <= 0) { @@ -277,7 +294,7 @@ int copy_file(const char *source, const char *dest, int flags) return ovr; } /* It shouldn't exist. If it exists, do not open (symlink attack?) */ - dst_fd = open3_or_warn(dest, O_WRONLY|O_CREAT|O_EXCL, source_stat.st_mode); + dst_fd = open3_or_warn(dest, O_WRONLY|O_CREAT|O_EXCL, new_mode); if (dst_fd < 0) { close(src_fd); return -1; @@ -285,8 +302,7 @@ int copy_file(const char *source, const char *dest, int flags) } #if ENABLE_SELINUX - if (((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) - || (flags & FILEUTILS_SET_SECURITY_CONTEXT)) + if ((flags & (FILEUTILS_PRESERVE_SECURITY_CONTEXT|FILEUTILS_SET_SECURITY_CONTEXT)) && is_selinux_enabled() > 0 ) { security_context_t con; @@ -313,8 +329,13 @@ int copy_file(const char *source, const char *dest, int flags) } /* ...but read size is already checked by bb_copyfd_eof */ close(src_fd); + /* "cp /dev/something new_file" should not + * copy mode of /dev/something */ + if (!S_ISREG(source_stat.st_mode)) + return retval; goto preserve_mode_ugid_time; } + dont_cat: /* Source is a symlink or a special file */ /* We are lazy here, a bit lax with races... */ -- cgit v1.2.3