From 24852bf5b5e7fd954f2e4d1d08d58575453b48b0 Mon Sep 17 00:00:00 2001
From: Jim Meyering <jim@meyering.net>
Date: Thu, 14 Dec 2006 11:09:44 +0100
Subject: [PATCH] * NEWS: --preserve-root now works with chgrp, chmod, and
 chown. * src/chmod.c (process_file): Do honor the --preserve-root option. *
 src/chown-core.c (change_file_owner): Likewise, but here, also handle the
 case in which a traversal would go "through" a symlink to root.  Reported by
 Matthew M. Boedicker * tests/chown/preserve-root: Test for the above. *
 tests/chown/Makefile.am (TESTS): Add preserve-root.

---
 ChangeLog                 |  8 ++++++
 NEWS                      |  4 ++-
 src/chmod.c               |  4 +++
 src/chown-core.c          | 24 ++++++++++------
 tests/chown/Makefile.am   |  1 +
 tests/chown/preserve-root | 70 +++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 102 insertions(+), 9 deletions(-)
 create mode 100755 tests/chown/preserve-root

diff --git a/ChangeLog b/ChangeLog
index 76b960338..e2b8c464e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2006-12-14  Jim Meyering  <jim@meyering.net>
 
+	* NEWS: --preserve-root now works with chgrp, chmod, and chown.
+	* src/chmod.c (process_file): Do honor the --preserve-root option.
+	* src/chown-core.c (change_file_owner): Likewise, but here, also
+	handle the case in which a traversal would go "through" a symlink
+	to root.  Reported by Matthew M. Boedicker
+	* tests/chown/preserve-root: Test for the above.
+	* tests/chown/Makefile.am (TESTS): Add preserve-root.
+
 	* NEWS: Mention the chmod fix induced by the 2006-12-11 change
 	to gnulib's m4/openat.m4.
 
diff --git a/NEWS b/NEWS
index 014ccdd8f..528c2b024 100644
--- a/NEWS
+++ b/NEWS
@@ -4,10 +4,12 @@ GNU coreutils NEWS                                    -*- outline -*-
 
 ** Bug fixes
 
+  chgrp, chmod, and chown now honor the --preserve-root option.
+  Before, they would warn, yet continuing traversing and operating on /.
+
   chmod no longer fails in an environment (e.g., a chroot) with openat
   support but with insufficient /proc support.
 
-
 * Noteworthy changes in release 6.7 (2006-12-08) [stable]
 
 ** Bug fixes
diff --git a/src/chmod.c b/src/chmod.c
index 7858c0a66..028c882d0 100644
--- a/src/chmod.c
+++ b/src/chmod.c
@@ -228,6 +228,10 @@ process_file (FTS *fts, FTSENT *ent)
   if (ok && ROOT_DEV_INO_CHECK (root_dev_ino, file_stats))
     {
       ROOT_DEV_INO_WARN (file_full_name);
+      /* Tell fts not to traverse into this hierarchy.  */
+      fts_set (fts, ent, FTS_SKIP);
+      /* Ensure that we do not process "/" on the second visit.  */
+      ent = fts_read (fts);
       ok = false;
     }
 
diff --git a/src/chown-core.c b/src/chown-core.c
index 69345ccf8..606db39ea 100644
--- a/src/chown-core.c
+++ b/src/chown-core.c
@@ -258,7 +258,19 @@ change_file_owner (FTS *fts, FTSENT *ent,
     {
     case FTS_D:
       if (chopt->recurse)
-	return true;
+	{
+	  if (ROOT_DEV_INO_CHECK (chopt->root_dev_ino, ent->fts_statp))
+	    {
+	      /* This happens e.g., with "chown -R --preserve-root /".  */
+	      ROOT_DEV_INO_WARN (file_full_name);
+	      /* Tell fts not to traverse into this hierarchy.  */
+	      fts_set (fts, ent, FTS_SKIP);
+	      /* Ensure that we do not process "/" on the second visit.  */
+	      ent = fts_read (fts);
+	      return false;
+	    }
+	  return true;
+	}
       break;
 
     case FTS_DP:
@@ -337,15 +349,11 @@ change_file_owner (FTS *fts, FTSENT *ent,
 		      || required_gid == file_stats->st_gid));
     }
 
-  if (do_chown
-      /* With FTS_NOSTAT, file_stats is valid only for directories.
-	 Don't need to check for FTS_D, since it is handled above,
-	 and same for FTS_DNR, since then do_chown is false.  */
-      && (ent->fts_info == FTS_DP || ent->fts_info == FTS_DC)
-      && ROOT_DEV_INO_CHECK (chopt->root_dev_ino, file_stats))
+  /* This happens when chown -LR --preserve-root encounters a symlink-to-/.  */
+  if (ROOT_DEV_INO_CHECK (chopt->root_dev_ino, file_stats))
     {
       ROOT_DEV_INO_WARN (file_full_name);
-      ok = do_chown = false;
+      return false;
     }
 
   if (do_chown)
diff --git a/tests/chown/Makefile.am b/tests/chown/Makefile.am
index bee0d5423..73bf483df 100644
--- a/tests/chown/Makefile.am
+++ b/tests/chown/Makefile.am
@@ -2,6 +2,7 @@
 AUTOMAKE_OPTIONS = 1.4 gnits
 
 TESTS = \
+  preserve-root \
   basic \
   deref \
   separator
diff --git a/tests/chown/preserve-root b/tests/chown/preserve-root
new file mode 100755
index 000000000..152f59c30
--- /dev/null
+++ b/tests/chown/preserve-root
@@ -0,0 +1,70 @@
+#!/bin/sh
+# Verify that --preserve-root works.
+
+# Copyright (C) 2006 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+if test "$VERBOSE" = yes; then
+  set -x
+  chown --version
+fi
+
+. $srcdir/../envvar-check
+. $srcdir/../lang-default
+PRIV_CHECK_ARG=require-non-root . $srcdir/../priv-check
+
+pwd=`pwd`
+t0=`echo "$0"|sed 's,.*/,,'`.tmp; tmp=$t0/$$
+trap 'status=$?; cd "$pwd" && chmod -R u+rwx $t0 && rm -rf $t0 && exit $status' 0
+trap '(exit $?); exit $?' 1 2 13 15
+
+framework_failure=0
+mkdir -p $tmp || framework_failure=1
+cd $tmp || framework_failure=1
+mkdir d && ln -s / d/slink-to-root
+
+if test $framework_failure = 1; then
+  echo "$0: failure in testing framework" 1>&2
+  (exit 1); exit 1
+fi
+
+fail=0
+
+# Even if --preserve-root were to malfunction, allowing the chown or
+# chgrp to traverse through "/", since we're running as non-root,
+# they would be very unlikely to cause any changes.
+chown -R --preserve-root 0 / >  out 2>&1 && fail=1
+chgrp -R --preserve-root 0 / >> out 2>&1 && fail=1
+
+# Here, if --preserve-root were to malfunction, chmod could make changes,
+# but only to files owned and unreadable by the user running this test,
+# and then, only to make them readable by owner.
+chmod -R --preserve-root u+r / >> out 2>&1 && fail=1
+
+cat <<\EOF > exp || fail=1
+chown: it is dangerous to operate recursively on `/'
+chown: use --no-preserve-root to override this failsafe
+chgrp: it is dangerous to operate recursively on `/'
+chgrp: use --no-preserve-root to override this failsafe
+chmod: it is dangerous to operate recursively on `/'
+chmod: use --no-preserve-root to override this failsafe
+EOF
+
+cmp out exp || fail=1
+test $fail = 1 && diff out exp 2> /dev/null
+
+(exit $fail); exit $fail
-- 
2.11.4.GIT