summaryrefslogtreecommitdiff
path: root/src/copy.h
AgeCommit message (Collapse)Author
2007-12-01Fix a security race with "cp -p A B" when B already exists.Paul Eggert
* src/copy.h (struct cp_options): New member owner_privileges. * src/copy.c (USE_ACL): Define to 0 if not defined, for convenience. (owner_failure_ok): New function. (set_owner): Avoid a security-related race by doing an extra chmod first if it looks like there might be trouble right after a chown. Accept a source struct stat rather than a uid and gid, and accept a boolean NEW_DST and destination struct stat. All callers changed. * src/copy.h (cp_options_default): New function, replacing the old chown_privileges. * src/copy.c (cp_options_default): Likewise. * src/cp.c (cp_option_init): Use it. * src/install.c (cp_option_init): Likewise. * src/mv.c (cp_option_init): Likewise.
2007-11-22cp: by default, refuse to copy through a dangling destination symlinkJim Meyering
* NEWS: Mention this change. * doc/coreutils.texi (cp invocation): Describe the new behavior. * src/copy.c: No longer include "canonicalize.h". (copy_reg): Upon failure to open a dangling destination symlink, don't canonicalize the name, but rather fail (default) or, with POSIXLY_CORRECT, repeat the open call without O_EXCL (potentially dangerous). * src/copy.h (struct cp_options) [open_dangling_dest_symlink]: New member. Reorder the others, grouping "bool" and "enum" members together. * tests/cp/thru-dangling: Test for changed and new behavior. * src/cp.c (cp_option_init): Initialize new member. * src/install.c (cp_option_init): Likewise. * src/mv.c (cp_option_init): Likewise. Signed-off-by: Jim Meyering <meyering@redhat.com>
2007-07-23Update all copyright notices to use the newer form.Jim Meyering
2007-07-10Change "version 2" to "version 3" in all copyright notices.Jim Meyering
2007-06-15Correct cp's handling of destination symlinks in some cases.Paul Eggert
* NEWS: "cp" no longer considers a destination symlink to be the same as the referenced file when copying links or making backups. * src/copy.c (copy_reg): When following a symlink, use the followed name in later chown etc. requests, so that the created file is affected, rather than the symlink. Use O_NOFOLLOW on source when not dereferencing symlinks; this avoids a race. Preserve errno correctly when doing multiple open attempts on the destination. (copy_internal): Follow destination symlinks only when copying a regular file and only when we don't intend to remove or rename the destination first, regardless of whether following source symlinks; this is because since POSIX and tradition (e.g., FreeBSD) say we should ordinarily follow destination symlinks if the system calls would ordinarily do so. * src/copy.h (struct cp_options): Add comment that 'dereference' is only for source files. * src/cp.c (usage): Note that --derereference etc. are only for source files. (make_dir_parents_private): Follow symlinks, regardless of whether --dereference is specified, because these are destination symlinks. * tests/cp/same-file: Adjust tests to match revised behavior. Filter out perror output since it might vary from host to host. Use sed alone instead of also using echo. * doc/coreutils.texi (cp invocation): Document the behavior better when the destination is a symlink. Clarify source versus destination symlinks. Describe the new behavior for destination symlinks. 2007-06-15 Jim Meyering <jim@meyering.net> * src/copy.c: Include "canonicalize.h". (copy_reg): Use canonicalize_filename_mode to follow the symlink, so that we can always open with O_EXCL and avoid a race.
2007-03-29* tests/cp/cp-a-selinux: New file. Test for the bug reported inJim Meyering
* tests/cp/Makefile.am (TESTS): Add cp-a-selinux. * tests/selinux: New file. * tests/Makefile.am (EXTRA_DIST): Add selinux. * tests/misc/selinux: Source the new script, rather than open coding it. Change how "cp -a" and "cp --preserve=context" work with SELinux. Now, cp -a attempts to preserve context, but failure to do so does not change cp's exit status. However "cp --preserve=context" is similar, but failure *does* cause cp to exit with nonzero status. * src/copy.h (struct cp_options) [require_preserve_context]: New member. * src/copy.c (copy_reg, copy_internal): Implement the above. * src/mv.c (cp_option_init): Initialize the new member. * src/install.c (cp_option_init): Likewise. * src/cp.c (cp_option_init): Likewise. (decode_preserve_arg): Set it or reset it. FIXME: add an on-writable-NFS-only test
2007-03-29cp, mv, install: add SELinux support, but unlike with the Red HatJim Meyering
patch, mv and cp do not provide the "-Z context" option. * src/copy.c: Include <selinux/selinux.h>. (restore_default_fscreatecon): New function. (copy_reg): Make cp --preserve=context work for existing destination. (copy_internal): Likewise for new destinations. * src/copy.h (cp_options) [preserve_security_context]: New member. * src/cp.c: Include <selinux/selinux.h>. (selinux_enabled): New global. (usage): Mention new --preserve=context option. (PRESERVE_CONTEXT): Define/use. (decode_preserve_arg): Handle PRESERVE_CONTEXT. (main): Remove an obsolete comment. If --preserve=context is specified on a system without SELinux enabled, give a diagnostic and fail. * src/mv.c: Include <selinux/selinux.h>. Set x->preserve_security_context if SELinux is enabled. * src/install.c: Accept new "-Z, --context=C" option. Accept --preserve-context option (but not -P option). Accept alternate spelling: --preserve_context, for now. Include <selinux/selinux.h> and "quotearg.h". (selinux_enabled, use_default_selinux_context): New globals. (PRESERVE_CONTEXT_OPTION): Define. (cp_option_init): Default: do not preserve security context. (setdefaultfilecon): New function. (main): Honor new options. * src/Makefile.am (mv_LDADD, cp_LDADD, ginstall_LDADD): Add $(LIB_SELINUX).
2006-12-06* NEWS: Document the cp --preserve=ownership fix.Paul Eggert
* m4/jm-macros.m4 (coreutils_MACROS): Check for fchmod. * src/copy.c (fchmod_or_lchmod): New function. (copy_reg): New arg OMITTED_PERMISSIONS. All uses changed. Omit confusing and unused ", dst_mode" arg to 'open' without O_CREAT. When creating a file, use O_EXCL, so we're more likely to detect funny business by other processes. At the end, if permissions were omitted, chmod them back in. (copy_internal): If the ownership might change, omit some permissions at first, then restore them after chowning the file. * src/cp.c (make_dir_parents_private): Likewise. * src/copy.c (cached_umask): New function. * src/copy.h (cached_umask): New decl.
2005-12-17(cp_option_init) [umask_kill]: Remove member.Jim Meyering
2005-07-03Include "lstat.h" rather than rolling our own.Paul Eggert
2005-06-02Don't use "path" or "filename".Paul Eggert
2005-05-31Add copyright notice.Paul Eggert
(struct cp_options): Remove myeuid member. Add chown_privileges member. (chown_privileges, chown_failure_ok): New function decls.
2004-11-26(stat, lstat, rename): Remove decls.Paul Eggert
2004-07-30(struct cp_options): Use bool when appropriate.Paul Eggert
2004-06-30Use "file system" rather than "filesystem" in comments.Jim Meyering
2004-02-07Remove xstat function pointer member. The way it was used was notJim Meyering
portable, since some systems (OSF V5.1, Solaris 2.5.1) provide static inline `stat' and `lstat' functions, thus making the tests of `xstat == lstat' in copy.c always fail. (struct cp_options) [xstat]: Remove member. (XSTAT): New macro.
2003-03-26(struct cp_options): Add a comment.Jim Meyering
2003-01-04Remove use of PARAMS.Jim Meyering
2002-12-15Remove all uses of `PARAMS'.Jim Meyering
2001-11-22(struct cp_options) [src_info]: New member.Jim Meyering
(src_info_init): Declare.
2001-11-22Include hash.h.Jim Meyering
(struct cp_options) [dest_info]: New member.
2001-10-13(enum Dereference_symlink): Add comments.Jim Meyering
(struct cp_options) [preserve_links]: New member.
2001-10-13(struct cp_options) [failed_unlink_is_fatal]: Remove unused member.Jim Meyering
2001-10-13(struct cp_options): Rename members:Jim Meyering
s/preserve_owner_and_group/preserve_ownership/, and s/preserve_chmod_bits/preserve_mode/.
2001-09-28(dest_info_init): Declare.Jim Meyering
2001-09-15(enum Interactive): Remove members, I_OFF and I_ON.Jim Meyering
Instead, add I_ALWAYS_YES, I_ALWAYS_NO, and I_ASK_USER.
2001-08-13(enum Interactive): New type.Jim Meyering
(struct cp_options) [interactive]: Change type to Interactive. (struct cp_options) [stdin_tty]: New member.
2001-01-14[RENAME_TRAILING_SLASH_BUG]: Use the rename wrapper.Jim Meyering
2000-09-04Move declaractions of lstat, stat, and rpl_lstatJim Meyering
as well as the definition of lstat from cp.c to this file.
2000-09-03correct description of unlink_dest_after_failed_openJim Meyering
2000-09-03commentJim Meyering
2000-09-03(struct cp_options) [force]: Remove member.Jim Meyering
[unlink_dest_before_opening]: Add member. [unlink_dest_after_failed_open]: Add member.
2000-08-20(enum Dereference_symlink): Define.Jim Meyering
(struct cp_options) [dereference]: Change type to Dereference_symlink.
1999-04-26(struct cp_options.umask_kill): Use mode_t, not unsigned int.Jim Meyering
1998-05-11Better support for mv:Jim Meyering
[struct cp_options] (move_mode): New member.
1998-05-10Support for install:Jim Meyering
[struct cp_options] (failed_unlink_is_fatal): New member. (preserve_owner_and_group): New member. (preserve_chmod_bits): New member. (preserve_timestamps): New member. (preserve): Remove member. (set_mode): New member. (mode): New member.
1998-03-13(copy): Update prototype.Jim Meyering
1998-01-21(VALID_SPARSE_MODE): Define.Jim Meyering
[struct cp_options] (backup_type): New member.
1997-12-21Use PARAMS, not __P.Jim Meyering
1997-10-06*** empty log message ***Jim Meyering
1997-10-06(struct cp_options): New field: require_preserve.Jim Meyering
1997-02-02.Jim Meyering
1997-02-02.Jim Meyering