| author | Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | 2018-08-22 17:11:41 +0530 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-29 15:23:51 +0100 |
| commit | a4ce8dbcc6fafc9bbb9f0f281a4643df265f09b9 (patch) | |
| tree | b8c036f151a7f458f0b5ff2a4960ed954bb75ad3 /scripts/lib/devtool/package.py | |
| parent | c035a200286256d4e9dac378279a0f7fa6d3e279 (diff) | |
| download | poky-a4ce8dbcc6fafc9bbb9f0f281a4643df265f09b9.tar.gz | |
coreutils: CVE-2017-18018

CVE-2017-18018-1:

doc: clarify chown/chgrp --dereference defaults

* doc/coreutils.texi: the documentation for the --dereference
flag of chown/chgrp states that it is the default mode of
operation. Document that this is only the case when operating
non-recursively.

CVE-2017-18018-2:

doc: warn about following symlinks recursively in chown/chgrp

In both chown and chgrp (which shares its code with chown), operating
on symlinks recursively has a window of vulnerability where the
destination user or group can change the target of the operation.
Warn about combining the --dereference, --recursive, and -L flags.

* doc/coreutils.texi (warnOptDerefWithRec): Add macro.
(node chown invocation): Add it to --dereference and -L.
(node chgrp invocation): Likewise.

Affects coreutils <= 8.29

(From OE-Core rev: a523bc6a2ff7d5b5415a789de02fb055ccd2c077)

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/devtool/package.py')
0 files changed, 0 insertions, 0 deletions
