Bug#492115: gvfs-fuse: improperly dereferences symbolic links

brian m. carlson sandals at crustytoothpaste.net
Wed Mar 12 23:43:23 UTC 2014


On Tue, Mar 11, 2014 at 05:29:20PM +0000, althaser wrote:
> Hey Brian,
> 
> Could you please still reproduce this issue with newer versions ?

Yup.  It's clearly still broken:

  vauxhall ok % ls -l /run/user/1000/gvfs/sftp:host=castro.crustytoothpaste.net,user=bmc/vmlinuz
  -rwx------ 1 bmc bmc 2887760 Mar  5 13:40 /run/user/1000/gvfs/sftp:host=castro.crustytoothpaste.net,user=bmc/vmlinuz
  castro ok % ls -l /vmlinuz
  lrwxrwxrwx 1 root root 25 Feb 24 10:34 /vmlinuz -> boot/vmlinuz-3.13-1-amd64
  castro ok % ls -lL /vmlinuz
  -rw-r--r-- 1 root root 2887760 Mar  5 13:40 /vmlinuz

I have no clue where it's getting these permissions from, either.
Clearly the kernel is not executable, and it looks like it's
dereferencing the symlink, but deciding to take the permissions from the
symlink itself and then mask them off.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20140312/84498cd9/attachment.sig>


More information about the pkg-gnome-maintainers mailing list