Use lchown instead of chown (security problem of symlinks ownership)

diff --git a/CHANGES b/CHANGES
index 48e9e60973518b812e7f2c6b94a8d985f5b7191b..98793c81c95fd146eddd226c65525b18add66cad 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,13 @@
-$Id: CHANGES,v 1.12 1999/11/03 21:05:52 tiniou Exp $
+$Id: CHANGES,v 1.13 1999/11/05 22:02:11 tiniou Exp $
+
+Changes between versions 0.4b8 and 0.4b9 (released November 5, 1999)
+====================================================================
+
+1.     Use lchown instead of chown, fixing a possible security problem 
+       when restoring symlinks (a malicious user could use this
+       to deliberately corrupt the ownership of important system files).
+       Thanks to Chris Siebenmann <cks@utcc.utoronto.ca> for detecting
+       this and providing the patch.
 
 Changes between versions 0.4b7 and 0.4b8 (released November 3, 1999)
 ====================================================================

diff --git a/MCONFIG.in b/MCONFIG.in
index 0e649aff1de1ead3eafbdb8ab5d2e9fa00399cd9..871a8d96ca4278b573d338cbf94c8ffbd695dfda 100644 (file)
--- a/MCONFIG.in
+++ b/MCONFIG.in
@@ -2,8 +2,8 @@ VPATH=          $(srcdir)
 
 top_builddir=  @top_builddir@
 
-VERSION=       0.4b8
-DATE=          November 3, 1999
+VERSION=       0.4b9
+DATE=          November 5, 1999
 
 AR=            @AR@
 CC=            @CC@

diff --git a/config.h.in b/config.h.in
index d7e66cb748e5a2eb305cc0f1f623be5c0a7c5b60..c3d882c816590c750efd919bdc6daebbe9a448f1 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -38,3 +38,6 @@
 
 /* Define if you have the glob function.  */
 #undef HAVE_GLOB
+
+/* Define if you have the lchown function.  */
+#undef HAVE_LCHOWN

diff --git a/configure b/configure
index 096ebde0cf1e4f7d31c13c58b1e402a486a42c94..7c8e470959b0b9c7f19b672ab92b1d036ecbee2c 100755 (executable)
--- a/configure
+++ b/configure
@@ -1615,7 +1615,7 @@ if test "$ext2fs_h" = no -o "$ext2fs_lib" = no; then
        { echo "configure: error: You need to install the Ext2fs libraries from the E2fsprogs distribution first" 1>&2; exit 1; }
 fi
 
-for ac_func in err errx verr verrx vwarn vwarnx warn warnx realpath glob
+for ac_func in err errx verr verrx vwarn vwarnx warn warnx realpath glob lchown
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
 echo "configure:1622: checking for $ac_func" >&5

diff --git a/configure.in b/configure.in
index a66f6288cab2ccbffb3050b23ca80030c8734c02..adc764b1ace0b21d40940c8056649f1c23ee203b 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -215,7 +215,7 @@ fi
 dnl
 dnl Check for library functions
 dnl
-AC_CHECK_FUNCS(err errx verr verrx vwarn vwarnx warn warnx realpath glob)
+AC_CHECK_FUNCS(err errx verr verrx vwarn vwarnx warn warnx realpath glob lchown)
 
 dnl
 dnl Check for types

diff --git a/dump.lsm b/dump.lsm
index 6286e9d5f3d5099f05db09313cc71c1067bf3b5c..41c975e7ccab1ac6a1668305c9a6701e9e4ed6df 100644 (file)
--- a/dump.lsm
+++ b/dump.lsm
@@ -1,13 +1,13 @@
 Begin3
 Title:          dump and restore for Ext2fs
-Version:        0.4b8
-Entered-date:   03NOV99
+Version:        0.4b9
+Entered-date:   05NOV99
 Description:    Port of the 4.4BSD dump and restore backup suite
 Keywords:       backup, filesystem, Ext2fs
 Author:         University of California, Berkeley
 Maintained-by:  pop@cybercable.fr (Stelian Pop)
 Primary-site:   tsx-11.mit.edu /pub/linux/ALPHA/ext2fs
-                135kB dump-0.4b8.tar.gz
+                135kB dump-0.4b9.tar.gz
                 677 dump.lsm
 Alternate-site: http://perso.cybercable.fr/pop/dump
 Original-site:  ftp.freebsd.org /pub/bsd-sources/4.4BSD-Lite2/sbin

diff --git a/dump.spec b/dump.spec
index 9a3bae9f5b3403e97c9ca76f5365427635c76000..2a2b793462bfff074ab3af62a7d6b1df9a912b70 100644 (file)
--- a/dump.spec
+++ b/dump.spec
@@ -1,6 +1,6 @@
 Summary: Programs for backing up and restoring filesystems.
 Name: dump
-Version: 0.4b8
+Version: 0.4b9
 Release: 1
 Copyright: UCB
 Group: Applications/Archiving
@@ -78,6 +78,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_prefix}/man/man8/rmt.8 
 
 %changelog
+* Wed Nov 5 1999 Stelian Pop <pop@cybercable.fr>
+- dump 0.4b9 released, first packaging.
+
 * Wed Nov 3 1999 Stelian Pop <pop@cybercable.fr>
 - dump 0.4b8 released, first packaging.
 

diff --git a/restore/tape.c b/restore/tape.c
index 55519818bc61fc636029ee1c84a97c617aef7ac4..754da610152cb9732c855c854209486f4466c3ff 100644 (file)
--- a/restore/tape.c
+++ b/restore/tape.c
@@ -45,7 +45,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-       "$Id: tape.c,v 1.6 1999/10/13 09:57:21 stelian Exp $";
+       "$Id: tape.c,v 1.7 1999/11/05 22:02:19 tiniou Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -579,7 +579,9 @@ extractfile(char *name)
                }
                if (linkit(lnkbuf, name, SYMLINK) == FAIL)
                        return (FAIL);
-               (void) chown(name, luid, lgid);
+#ifdef HAVE_LCHOWN
+               (void) lchown(name, luid, lgid);
+#endif
                return (GOOD);
        }