cp: odd behaviour; does not preserve symlink
Denys Vlasenko
vda.linux at googlemail.com
Tue Jun 9 18:34:33 UTC 2009
On Tue, Jun 9, 2009 at 11:12 AM, Cristian
Ionescu-Idbohrn<cristian.ionescu-idbohrn at axis.com> wrote:
> this is what the gnu-tools do:
>
> $ mkdir abc
> $ cd abc
>
> create a dangling symlink:
>
> $ ln -sf /tmp/foo
> $ ls -l
> lrwxrwxrwx 1 me users 8 Jun 9 10:35 foo -> /tmp/foo
> $ ls -l /tmp/foo
> ls: cannot access /tmp/foo: No such file or directory
>
> $ cp /etc/resolv.conf foo
> cp: not writing through dangling symlink `foo'
> $ touch foo
> $ ls -l /tmp/foo
> -rw-r--r-- 1 me users 0 Jun 9 10:44 /tmp/foo
>
> /etc/resolv.conf is written through the symlink:
>
> $ cp /etc/resolv.conf foo
> $ ls -l /tmp/foo
> -rw-r--r-- 1 me users 125 Jun 9 10:46 /tmp/foo
> $ ls -l
> lrwxrwxrwx 1 me users 8 Jun 9 10:35 foo -> /tmp/foo
>
> --- busybox ----------------------------------------
>
> BusyBox v1.14.1 (2009-06-08 17:34:46 CEST) multi-call binary
>
> $ mkdir abc
> $ cd abc
> # ln -sf /tmp/foo
> # ls -l
> lrwxrwxrwx 1 root root 8 Jun 9 08:50 foo -> /tmp/foo
> # ls -l /tmp/foo
> ls: /tmp/foo: No such file or directory
>
> 'cp' does not refuse to write through dangling symlink; overwrites the
> symlink with a file:
>
> # cp /etc/resolv.conf foo
> # echo $?
> 0
> # ls -l
> -rw-r--r-- 1 root root 71 Jun 9 08:54 foo
>
>
> 'cp' does not preserve the symlink eve if it's _not_ a dangling
> symlink:
>
> # rm foo
> # touch /tmp/foo
> # ls -l /tmp/foo
> -rw-r--r-- 1 root root 0 Jun 9 08:58 /tmp/foo
> # ln -s /tmp/foo
> # ls -l
> lrwxrwxrwx 1 root root 8 Jun 9 08:58 foo -> /tmp/foo
> # cp /etc/resolv.conf foo
> # echo $?
> 0
> # ls -l
> -rw-r--r-- 1 root root 71 Jun 9 08:58 foo
>
> Anyone else seeing this?
Yes. It's logical. cp *copies files*. IOW: it *creates a copy
of an existing file*. Copy of a file should be a file.
In this light,
cp file symlink - should not write into linked file
cp file device - should not send file's bytes into the device
but both should either refuse to copy or delete 2nd param,
and create *an ordinary file*.
Apart from that, "cp file symlink" is a security risk.
Think about this:
cp /backup/home/joe/dissertation.htm /home/joe
What if malicious Joe created /home/joe/dissertation.htm symlink
pointing to /etc/shadow? Or to /dev/sda1?
I know that POSIX and friends do not do that. I do not know
why they chose to do stupid things and have security risks
instead of prescribing that cp is a copy operation.
If you want to dump bytes into an arbitrary entry in a directory,
the natural way is "cat >dest".
--
vda
More information about the busybox
mailing list