| Age | Commit message (Collapse) | Author |
|---|
|
* src/copy.h (struct cp_options): New member owner_privileges.
* src/copy.c (USE_ACL): Define to 0 if not defined, for convenience.
(owner_failure_ok): New function.
(set_owner): Avoid a security-related race by doing an extra chmod
first if it looks like there might be trouble right after a chown.
Accept a source struct stat rather than a uid and gid, and
accept a boolean NEW_DST and destination struct stat.
All callers changed.
* src/copy.h (cp_options_default): New function, replacing the
old chown_privileges.
* src/copy.c (cp_options_default): Likewise.
* src/cp.c (cp_option_init): Use it.
* src/install.c (cp_option_init): Likewise.
* src/mv.c (cp_option_init): Likewise.
|
|
* NEWS: Mention this change.
* doc/coreutils.texi (cp invocation): Describe the new behavior.
* src/copy.c: No longer include "canonicalize.h".
(copy_reg): Upon failure to open a dangling destination symlink, don't
canonicalize the name, but rather fail (default) or, with POSIXLY_CORRECT,
repeat the open call without O_EXCL (potentially dangerous).
* src/copy.h (struct cp_options) [open_dangling_dest_symlink]:
New member. Reorder the others, grouping "bool" and "enum"
members together.
* tests/cp/thru-dangling: Test for changed and new behavior.
* src/cp.c (cp_option_init): Initialize new member.
* src/install.c (cp_option_init): Likewise.
* src/mv.c (cp_option_init): Likewise.
Signed-off-by: Jim Meyering <meyering@redhat.com>
|
|
A cross-partition move of a file in a sticky tmpdir and owned by
another user would evoke an invalid diagnostic after copying it:
mv: cannot remove `x': Operation not permitted
Either of the following (mv.c, remove.c) changes would fix the bug by
itself. I think it's slightly better to use both; the added cost is
minimal: mv: an extra lstat-per-mv-cmdline-arg-that-goes-cross-partition,
rm: an extra lstat-per-unlink-that-fails-w/EPERM.
* src/remove.c (remove_entry): Also lstat the file upon EPERM.
* src/mv.c (rm_option_init): Initialize root_dev_ino just as is done
in rm, so that a cross-partition invoked remove.c:rm call works the
same way as one invoked from the command-line use of "rm". That
setting of root_dev_ino makes rm() do the equivalent of an additional
lstat for each argument, which in turn gives rm enough information to
issue the right diagnostic.
* tests/mv/sticky-to-xpart (version): New file. Test for the above.
* tests/mv/Makefile.am (TESTS): Add sticky-to-xpart.
Arrange for "make check-root" to run the new root-only test.
* tests/Makefile.am (tb): New target, to run the new root-only test.
(all_t): Add tb.
* src/c99-to-c89.diff: Adjust offsets.
|
|
* bootstrap.conf (gnulib_modules): Grab closein.
* src/system.h (includes): Also include closein.h.
* src/mv.c (main): Use close_stdin, not close_stdout.
* src/cp.c (main): Likewise.
* src/ln.c (main): Likewise.
* src/rm.c (main): Likewise.
* src/install.c (main): Likewise.
* NEWS: Document the fix.
|
|
|
|
|
|
* tests/cp/Makefile.am (TESTS): Add cp-a-selinux.
* tests/selinux: New file.
* tests/Makefile.am (EXTRA_DIST): Add selinux.
* tests/misc/selinux: Source the new script, rather than open coding it.
Change how "cp -a" and "cp --preserve=context" work with SELinux.
Now, cp -a attempts to preserve context, but failure to do so does
not change cp's exit status. However "cp --preserve=context" is
similar, but failure *does* cause cp to exit with nonzero status.
* src/copy.h (struct cp_options) [require_preserve_context]: New member.
* src/copy.c (copy_reg, copy_internal): Implement the above.
* src/mv.c (cp_option_init): Initialize the new member.
* src/install.c (cp_option_init): Likewise.
* src/cp.c (cp_option_init): Likewise.
(decode_preserve_arg): Set it or reset it.
FIXME: add an on-writable-NFS-only test
|
|
patch, mv and cp do not provide the "-Z context" option.
* src/copy.c: Include <selinux/selinux.h>.
(restore_default_fscreatecon): New function.
(copy_reg): Make cp --preserve=context work for existing destination.
(copy_internal): Likewise for new destinations.
* src/copy.h (cp_options) [preserve_security_context]: New member.
* src/cp.c: Include <selinux/selinux.h>.
(selinux_enabled): New global.
(usage): Mention new --preserve=context option.
(PRESERVE_CONTEXT): Define/use.
(decode_preserve_arg): Handle PRESERVE_CONTEXT.
(main): Remove an obsolete comment.
If --preserve=context is specified on a system without SELinux
enabled, give a diagnostic and fail.
* src/mv.c: Include <selinux/selinux.h>.
Set x->preserve_security_context if SELinux is enabled.
* src/install.c: Accept new "-Z, --context=C" option.
Accept --preserve-context option (but not -P option).
Accept alternate spelling: --preserve_context, for now.
Include <selinux/selinux.h> and "quotearg.h".
(selinux_enabled, use_default_selinux_context): New globals.
(PRESERVE_CONTEXT_OPTION): Define.
(cp_option_init): Default: do not preserve security context.
(setdefaultfilecon): New function.
(main): Honor new options.
* src/Makefile.am (mv_LDADD, cp_LDADD, ginstall_LDADD):
Add $(LIB_SELINUX).
|
|
* src/system.h (emit_bug_reporting_address): New function.
* src/base64.c: Use it rather than a literal printf.
* src/basename.c, src/cat.c, src/chgrp.c, src/chmod.c:
* src/chown.c, src/chroot.c, src/cksum.c, src/comm.c, src/cp.c:
* src/csplit.c, src/cut.c, src/date.c, src/dd.c, src/df.c:
* src/dircolors.c, src/dirname.c, src/du.c, src/echo.c, src/env.c:
* src/expand.c, src/expr.c, src/factor.c, src/fmt.c, src/fold.c:
* src/head.c, src/hostid.c, src/hostname.c, src/id.c, src/install.c:
* src/join.c, src/kill.c, src/link.c, src/ln.c, src/logname.c:
* src/ls.c, src/md5sum.c, src/mkdir.c, src/mkfifo.c, src/mknod.c:
* src/mv.c, src/nice.c, src/nl.c, src/nohup.c, src/od.c:
* src/paste.c, src/pathchk.c, src/pinky.c, src/pr.c, src/printenv.c:
* src/printf.c, src/ptx.c, src/pwd.c, src/readlink.c, src/rm.c:
* src/rmdir.c, src/seq.c, src/setuidgid.c, src/shred.c, src/shuf.c:
* src/sleep.c, src/sort.c, src/split.c, src/stat.c, src/stty.c:
* src/su.c, src/sum.c, src/sync.c, src/system.h, src/tac.c:
* src/tail.c, src/tee.c, src/test.c, src/touch.c, src/tr.c:
* src/true.c, src/tsort.c, src/tty.c, src/uname.c, src/unexpand.c:
* src/uniq.c, src/unlink.c, src/uptime.c, src/users.c, src/wc.c:
* src/who.c, src/whoami.c, src/yes.c: Likewise.
|
|
* NEWS: Mention this.
* src/remove.h (enum rm_interactive): New ternary type.
(struct rm_options) [interactive]: Use it, here -- rather than bool.
* src/remove.c (prompt): Reflect type change.
* src/mv.c (rm_option_init): Initialize to RMI_NEVER now.
* src/rm.c (main): Add a FIXME comment for '-d' option.
Adapt to type change of rm_options.interactive.
* tests/rm/i-never: New file. Test for the above fix.
* tests/rm/Makefile.am (TESTS): Add i-never.
|
|
Suggested by Steve McIntyre in <http://bugs.debian.org/392925>.
* src/remove.h (struct rm_options) [one_file_system]: New member.
* src/rm.c (rm_option_init): Initialize it.
(usage): Document the option.
* src/mv.c (rm_option_init): Likewise.
* src/remove.c (remove_dir): With --one-file-system and --recursive,
for each directory command line argument, do not affect a file system
different from that of the starting directory. And give a diagnostic.
* src/rm.c (ONE_FILE_SYSTEM): New enum.
(main): Handle new option.
* tests/rm/one-file-system: Test the above.
* tests/rm/Makefile.am (TESTS): Add one-file-system.
* tests/Makefile.am (check-root): Add the rm/one-file-system
test to the list.
(EXTRA_DIST): Add other-fs-tmpdir.
* tests/mv/setup: Removed. Renamed to...
* tests/other-fs-tmpdir: ...this new file.
* tests/mv/Makefile.am (EXTRA_DIST): Remove setup.
* tests/mv/acl: Reflect renaming: use ../other-fs-tmpdir.
* tests/mv/backup-is-src: Likewise.
* tests/mv/hard-link-1: Likewise.
* tests/mv/leak-fd: Likewise.
* tests/mv/mv-special-1: Likewise.
* tests/mv/part-fail: Likewise.
* tests/mv/part-hardlink: Likewise.
* tests/mv/part-rename: Likewise.
* tests/mv/part-symlink: Likewise.
* tests/mv/partition-perm: Likewise.
* tests/mv/to-symlink: Likewise.
* tests/mv/into-self-2: Likewise.
[doc/ChangeLog]
* coreutils.texi (rm invocation): Describe --one-file-system.
|
|
Instead, since it's a little fragile, assert the condition.
(target_directory_operand): Update comment to reflect latest change.
|
|
where the first one names a directory and the second name ends in
a slash and doesn't exist. E.g., "mv dir B/", for nonexistent B,
now succeeds, once more. This reverts part of the 2004-06-27
change for 5.3.0.
* NEWS: Say the above.
* src/mv.c (target_directory_operand): Don't require (here)
that the target operand "look like" a directory. This change
pushes the test down to the rename syscall level, where a
"mv dir existing-non-dir/" will mistakenly succeed on older systems
that ignore trailing slashes in the rename destination argument.
* src/cp.c (target_directory_operand): Likewise, but for cp.
* tests/mv/trailing-slash: Exercise the above fixes.
* tests/cp/trailing-slash: New file.
* tests/cp/Makefile.am (EXTRA_DIST): Add trailing-slash.
|
|
|
|
base_name.
|
|
option string from its description, so help2man formats the
derived man page properly. Patch from Nicolas François
in http://bugs.debian.org/351601.
|
|
|
|
|
|
(usage): Remove description of --reply.
|
|
|
|
It was deprecated nearly 6 years ago and has been warning
users to switch to --backup=S since fileutils-4.0j.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cp_option_init, do_move, movefile, main): Likewise.
* src/remove.c (right_justify), full_filename_, AD_pop_and_chdir,
AD_push, prompt, remove_dir): Likewise.
|
|
|
|
and --no-target-directory options, respectively.
(NO_TARGET_DIRECTORY_OPTION, TARGET_DIRECTORY_OPTION):
Remove. All uses changed to 'T' and 't', respectively.
(long_options, main, usage): Add -t and -T as
aliases for --target-directory and --no-target-directory,
respectively.
|
|
|
|
(NO_TARGET_DIRECTORY_OPTION): New constant.
(long_options, usage, main): Add support for
(enum): Sort values.
|
|
last operands that are (or look like) directories.
* src/cp.c (target_directory_operand): New, nearly-common function,
It reports an error if the destination appears to be a directory
(e.g., because it has a trailing slash) but is not.
* src/ln.c, src/mv.c: Likewise.
* src/cp.c (do_copy): Use it.
* src/ln.c (main): Likewise.
* src/mv.c (main): Likewise.
* src/cp.c (do_copy): Don't output a usage message because of file
problems (e.g., an operand is not a directory). Use it only for
syntax. Standardize on "target %s is not a directory" for the
diagnostic.
* src/ln.c (main): Likewise.
* src/mv.c (main): Likewise.
* src/cp.c (do_copy): Remove test for trailing slash, since
target_directory_operand now does this.
* src/ln.c (main): Likewise.
* src/mv.c (movefile): Likewise.
* src/ln.c (isdir): Remove decl; no longer needed.
* src/mv.c (isdir, lstat): Likewise.
* src/ln.c (main): Use int to count to argc, not unsigned int.
This handles negative operand counts.
* src/mv.c (main): Likewise.
* src/mv.c (do_move): Don't call hash_init; expect the caller to
do it, for consistency with cp.c and ln.c. All callers changed.
(movefile): dest_is_dir parameter is now bool, not int.
(main): Standardize on "missing destination file operand after %s"
for the diagnostic, for consistency with cp.c.
|
|
too few operands ("missing operand after `xxx'") or
too many operands ("extra operand `xxx'").
Include "quote.h" and/or "error.h" if it wasn't already being included.
|
|
|
|
|
|
(main): Don't assume EXIT_FAILURE == 1, as POSIX doesn't require it.
|
|
|
|
of 2003-09-19. Now, AUTHORS is a comma-separated list of strings.
Update the call to parse_long_options so that `AUTHORS, NULL' are the
last parameters.
* src/true.c (main): Append NULL to version_etc argument list.
* src/sys2.h (case_GETOPT_VERSION_CHAR): Likewise.
|
|
generated `man' page is more readable. Suggestion from Dan Jacobson.
|
|
Begin each WRITTEN_BY string with `Written by ' and end it with `.'.
Mark each WRITTEN_BY string as translatable.
|
|
|
|
the call to parse_long_options so that `AUTHORS, NULL' are the last parameters.
|
|
adequate, since join.c uses alloca, yet lacked an in-file #pragma.
Remove `#pragma alloca'.
|
|
|
|
|
|
|
|
`exit (1)' to `exit (EXIT_FAILURE)', and
`usage (1)' to `usage (EXIT_FAILURE)'.
|
|
(yesno): Remove declaration. It too was unused.
|
