Thursday, February 3, 2011

What happens when a chown occurs on a file being written to?

Background: I have a cron job which chown's the directories of new users. More often than not, these users are already uploading files to the server before the job occurs.

So will files successfully have their ownership changed if they are in the process of being uploaded?

  • Ownership information is set when the file is created. If it's changed after that, it will stay unless the program rewrites ownership information again after the fact.

    From Chris S
  • Assuming you’re doing a recursive chown, and the files are written somewhere within the tree that you’re recursively changing the ownership of, then yes.

    What user are they uploading files as, though? How do they have write permission if the directories haven’t been chowned yet? Why not set the correct permissions before giving them access?

    From Mo
  • I have a cron job which chown's the directories of new users.

    I take it you mean both the directories of these new users, and all the contents of those directories (i.e. chown -R newuser:newuser /home/newuser-dir).

    This is a race condition, much like in programming, except you are experiencing it at the system rather than process level, but it is still a security risk.

    Mo is correct: unless you have a very strange requirement, it would be much better to use an uploading process that does not need such a background task to change file ownership.

    Because in one sense you are taking unvalidated data (the uploaded file) and automatically setting its trust level to be equivalent to that of a different, presumably more trusted, user, without necessarily ensuring the security of the files. This creates the potential for abusing this race condition, such as if the new user can create a symbolic or hard link to a system file (e.g. /etc/shadow) so they can obtain the hashed passwords to then mount an off-line password cracking attack. That would be sad.

    cpbills : wow, that had not occurred to me, that's devious, if the ftpd allows one to break out of the chroot somehow... or if the directory structure weren't set up too well, as it kind of sounds, in this case...
    mctylr : They don't pay me _just_ for my good looks. :)
    mctylr : It's an old ftpd exploit as far as I can remember, back when ftp was popular.
    cpbills : you get PAID?! :P
    voretaq7 : peanuts (Literally. Bags of them. :-D)
    Chris S : @Mctylr: chown doesn't follow symlinks unless you specifically tell it to. Also your link to Race Conditions doesn't work, here's one that does: http://en.wikipedia.org/wiki/Race_condition
    mctylr : Link fixed. Thanks.
    RHELAdmin : Interesting read, thanks.
    From mctylr
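
For the symbolic and hard link concern raised in the answer above, here is one way an ownership-fixing job can refuse to touch links. This is an added example, not code from the thread; the function name safe_chown_tree and the demo paths are assumptions.

```python
import os
import stat
import tempfile

def safe_chown_tree(root, uid, gid):
    """Hand directories and singly-linked regular files under root to uid:gid.

    Returns (changed, skipped) as lists of paths relative to root.
    """
    changed, skipped = [], []
    # os.fwalk yields an open fd per directory and, with follow_symlinks=False,
    # does not descend into symlinked directories.
    for dirpath, _dirs, files, dirfd in os.fwalk(root, follow_symlinks=False):
        reldir = os.path.relpath(dirpath, root)
        os.fchown(dirfd, uid, gid)
        changed.append(reldir)
        for name in files:
            rel = os.path.normpath(os.path.join(reldir, name))
            try:
                # O_NOFOLLOW: fail instead of opening a symlink's target.
                fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                             dir_fd=dirfd)
            except OSError:
                skipped.append(rel)
                continue
            try:
                st = os.fstat(fd)
                # st_nlink > 1 means the inode has another name (a hard link),
                # so changing its owner is refused.
                if stat.S_ISREG(st.st_mode) and st.st_nlink == 1:
                    os.fchown(fd, uid, gid)  # acts on the inode just checked
                    changed.append(rel)
                else:
                    skipped.append(rel)
            finally:
                os.close(fd)
    return changed, skipped

if __name__ == "__main__":
    # Constructed demo tree; chowning to our own ids needs no root.
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "newuser-dir")
        os.mkdir(home)
        target = os.path.join(tmp, "not-theirs")
        open(target, "w").close()
        open(os.path.join(home, "upload.bin"), "w").close()
        os.symlink(target, os.path.join(home, "sym"))
        os.link(target, os.path.join(home, "hard"))
        print(safe_chown_tree(home, os.geteuid(), os.getegid()))
```

Because the check and the ownership change both go through the same file descriptor, swapping the name for a link after the check has no effect. On Linux, the fs.protected_hardlinks sysctl additionally restricts creating hard links to files the user does not own.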
