cp: odd behaviour; does not preserve symlink
Cristian Ionescu-Idbohrn
cristian.ionescu-idbohrn at axis.com
Tue Jun 9 20:57:26 UTC 2009
On Tue, 9 Jun 2009, Denys Vlasenko wrote:
> Yes. It's logical. cp *copies files*. IOW: it *creates a copy
> of an existing file*. Copy of a file should be a file.
>
> In this light,
>
> cp file symlink - should not write into linked file
> cp file device - should not send file's bytes into the device
So, what you're saying is that you're in disagreement with gnu & co. Is
that correct?
> but both should either refuse to copy or delete 2nd param,
> and create *an ordinary file*.
Right. But, that's not real life.
Don't get me wrong. I don't disagree with you.
> Apart from that, "cp file symlink" is a security risk.
> Think about this:
>
> cp /backup/home/joe/dissertation.htm /home/joe
>
> What if malicious Joe created /home/joe/dissertation.htm symlink
> pointing to /etc/shadow? Or to /dev/sda1?
But of course. Symlink attacks were not discovered yesterday. We keep
getting daily (security) tips on how to keep away from them. Still...
> I know that POSIX and friends do not do that. I do not know
> why they chose to do stupid things and have security risks
> instead of prescribing that cp is a copy operation.
Ok. That's fine with me. What you're saying is the busybox behaviour is
intentional. True?
> If you want to dump bytes into an arbitrary entry in a directory,
> the natural way is "cat >dest".
Yes.
Now how do we preach the gospel to the non-believers? POSIX and gnu
folks? My collegues. Are Denys and Cristian the true prophets? ;-)
Cheers,
--
Cristian
More information about the busybox
mailing list