sed: In-place editing (-i flag) drops EA (ACLs and user-defined)
Bug #25921 reported by Debian Bug Importer
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
sed (Debian) | Fix Released | Unknown | |
sed (Ubuntu) | Fix Released | Low | Unassigned |
Bug Description
Automatically imported from Debian bug report #339793 http://
Changed in sed: status: Unconfirmed → Confirmed
Changed in sed (Debian): status: New → Fix Released
Message-ID: <email address hidden>
Date: Fri, 18 Nov 2005 22:01:31 +0100
From: Pierre THIERRY <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: sed: In-place editing (-i flag) drops EA (ACLs and user-defined)
Package: sed
Version: 4.1.2-8
Severity: grave
Tags: security
Justification: user security hole
When doing in-place editing, sed creates a new file without copying ACLs
and user-defined EA. It's not only a loss of maybe precious data
(user-defined EA) but a security hole, because dropping the ACLs can
give back some rights on the file.
For detailed information about the problem and the solution in general,
see:
http://www.suse.de/~agruen/ea-acl-copy/
As sed is a very common tool, the problem is also that it will probably be
used on files without the knowledge of the user (e.g. by way of
shell scripts).
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-k7
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)
Versions of packages sed depends on:
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
sed recommends no packages.
-- no debconf information
--
<email address hidden>
OpenPGP 0xD9D50D8A
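The replace-by-rename pattern described in the report, as an added example in Python for Linux; it is not code from the report or from sed. The names edit_in_place, copy_xattrs, demo and the user.origin attribute are hypothetical, and the filesystem is assumed to support user extended attributes.

```python
import os
import tempfile

# Attribute classes named in the report: user-defined EAs and POSIX ACLs
# (Linux stores ACLs in the system.posix_acl_access/_default attributes).
PRESERVED = ("user.", "system.posix_acl_")


def copy_xattrs(src, dst):
    """Copy user-defined attributes and ACLs from src to dst; errors propagate."""
    for name in os.listxattr(src):
        if name.startswith(PRESERVED):
            os.setxattr(dst, name, os.getxattr(src, name))


def edit_in_place(path, transform, preserve=True):
    """Rewrite path line by line via a temporary file and rename().

    preserve=False reproduces the reported behaviour: the replacement inode
    carries only the metadata it was created with (mode 0600 from mkstemp).
    preserve=True copies mode bits, ACLs and user attributes before the
    rename, so the path never refers to a file that lacks them.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w") as out, open(path) as src:
            out.writelines(transform(line) for line in src)
        if preserve:
            os.chmod(tmp, os.stat(path).st_mode & 0o7777)
            copy_xattrs(path, tmp)
        os.rename(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def demo(workdir):
    """Edit two constructed files; report whether user.origin survived each."""
    survived = {}
    for preserve in (False, True):
        path = os.path.join(workdir, "sample-%s.txt" % preserve)
        with open(path, "w") as f:
            f.write("hello world\n")
        os.setxattr(path, "user.origin", b"constructed sample value")
        edit_in_place(path, lambda s: s.replace("hello", "goodbye"), preserve)
        survived[preserve] = "user.origin" in os.listxattr(path)
    return survived
```

File ownership is not copied here, since changing it requires privileges; a tool run as root would also need chown() on the temporary file before the rename.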