2
# Make sure cp -p isn't too generous with existing file permissions.
4
# Copyright (C) 2006-2011 Free Software Foundation, Inc.
6
# This program is free software: you can redistribute it and/or modify
7
# it under the terms of the GNU General Public License as published by
8
# the Free Software Foundation, either version 3 of the License, or
9
# (at your option) any later version.
11
# This program is distributed in the hope that it will be useful,
12
# but WITHOUT ANY WARRANTY; without even the implied warranty of
13
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
# GNU General Public License for more details.
16
# You should have received a copy of the GNU General Public License
17
# along with this program. If not, see <http://www.gnu.org/licenses/>.
19
. "${srcdir=.}/init.sh"; path_prepend_ ../src
22
require_membership_in_two_groups_
24
# cp -p gives ENOTSUP on NFS on Linux 2.6.9 at least
37
chgrp $g2 fifo-copy &&
38
chmod g+r fifo-copy || framework-failure
40
# Copy a fifo's contents. That way, we can examine the
41
# destination permissions before they're finalized.
42
cp -p --copy-contents fifo fifo-copy &
46
# Now 'cp' is reading the fifo. Wait for the destination file to
47
# be written to, encouraging things along by echoing to the fifo.
48
while test ! -s fifo-copy; do
52
# Check the permissions of the destination.
53
ls -l -n fifo-copy >ls.out &&
55
# Close the fifo so that "cp" can continue. But output first,
56
# before exiting, otherwise some shells would optimize away the file
57
# descriptor that holds the fifo open.
61
# Check that the destination mode is safe while the file is being copied.
62
read mode links owner group etc <ls.out || fail=1
66
# FIXME: Remove the following case; the file mode should always be
67
# 600 while the data are being copied. This will require changing
68
# cp so that it also does not put $g1's data in a file that is
69
# accessible to $g2. This fix will not close a security hole, since
70
# a $g2 process can maintain an open file descriptor to the
71
# destination, but it's safer anyway.
73
# If the file has group $g1 and is group-readable, that is definitely bogus,
74
# as neither the source nor the destination was readable to group $g1.
75
test "$group" = "$g1" && fail=1;;
80
wait $cp_pid || fail=1
82
# Check that the final mode and group are right.
83
ls -l -n fifo-copy >ls.out &&
84
read mode links owner group etc <ls.out || fail=1
86
-rw-------*) test "$group" = "$g1" || fail=1;;