From owner-freebsd-security@FreeBSD.ORG Tue Jan 16 01:43:39 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id ADE3016A416 for ; Tue, 16 Jan 2007 01:43:39 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd3mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.freebsd.org (Postfix) with ESMTP id 80C4313C4A5 for ; Tue, 16 Jan 2007 01:43:39 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd3mr6so.prod.shaw.ca (pd3mr6so-qfe3.prod.shaw.ca [10.0.141.21]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0JBX0086BU4QHHC0@l-daemon> for freebsd-security@freebsd.org; Mon, 15 Jan 2007 18:43:38 -0700 (MST) Received: from pn2ml4so.prod.shaw.ca ([10.0.121.148]) by pd3mr6so.prod.shaw.ca (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005)) with ESMTP id <0JBX00KG8U4PUBB2@pd3mr6so.prod.shaw.ca> for freebsd-security@freebsd.org; Mon, 15 Jan 2007 18:43:37 -0700 (MST) Received: from hexahedron.daemonology.net ([24.82.18.31]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with SMTP id <0JBX004WNU4HN510@l-daemon> for freebsd-security@freebsd.org; Mon, 15 Jan 2007 18:43:30 -0700 (MST) Received: (qmail 45396 invoked from network); Tue, 16 Jan 2007 01:47:12 +0000 Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1) by localhost with SMTP; Tue, 16 Jan 2007 01:47:12 +0000 Date: Mon, 15 Jan 2007 17:47:11 -0800 From: Colin Percival In-reply-to: <45AC29EA.70009@erdgeist.org> To: Dirk Engling Message-id: <45AC2E9F.20901@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Enigmail-Version: 0.94.0.0 References: <200701111841.l0BIfWOn015231@freefall.freebsd.org> <45A6DB76.40800@freebsd.org> <20070113112937.GI90718@garage.freebsd.pl> <45ABDC7C.6060407@erdgeist.org> <20070115210826.GA2839@garage.freebsd.pl> <45ABEEEE.4030609@erdgeist.org> <20070115220039.GB2839@garage.freebsd.pl> <45AC29EA.70009@erdgeist.org> User-Agent: Thunderbird 1.5.0.9 (X11/20061227) Cc: freebsd-security@freebsd.org, Pawel Jakub Dawidek Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jan 2007 01:43:39 -0000 Dirk Engling wrote: > Please try the "cp -f" before guessing, what it might do ;) > > cp -f removes anything on that location before relinking the new file. > Atomically. No. `cp -f` unlinks the existing file and creates a new file, but will still follow a symlink if one is created between the "unlink" syscall and the "open" syscall. /* remove existing destination file name, * create a new file */ (void)unlink(to.p_path); if (!lflag) to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT, fs->st_mode & ~(S_ISUID | S_ISGID)); Colin Percival