recursive_action: add depth param

chmod: match coreutils versus following links

1 files changed, 76 insertions, 22 deletions

diff --git a/coreutils/chmod.c b/coreutils/chmod.c
index c4f8fa0b2..b601504f8 100644
--- a/coreutils/chmod.c
+++ b/coreutils/chmod.c
@@ -20,9 +20,9 @@
 #define OPT_VERBOSE (USE_DESKTOP(option_mask32 & 2) SKIP_DESKTOP(0))
 #define OPT_CHANGED (USE_DESKTOP(option_mask32 & 4) SKIP_DESKTOP(0))
 #define OPT_QUIET   (USE_DESKTOP(option_mask32 & 8) SKIP_DESKTOP(0))
-#define OPT_STR     ("-R" USE_DESKTOP("vcf"))
+#define OPT_STR     "R" USE_DESKTOP("vcf")
 
-/* TODO:
+/* coreutils:
  * chmod never changes the permissions of symbolic links; the chmod
  * system call cannot change their permissions. This is not a problem
  * since the permissions of symbolic links are never used.
@@ -31,19 +31,26 @@
  * symbolic links encountered during recursive directory traversals.
  */
 
-static int fileAction(const char *fileName, struct stat *statbuf, void* junk)
+static int fileAction(const char *fileName, struct stat *statbuf, void* junk, int depth)
 {
-        mode_t newmode = statbuf->st_mode;
+        mode_t newmode;
 
-        // TODO: match GNU behavior:
-        // if (depth > 0 && S_ISLNK(statbuf->st_mode)) return TRUE;
-        // if (depth == 0) follow link
+        /* match coreutils behavior */
+        if (depth == 0) {
+                /* statbuf holds lstat result, but we need stat (follow link) */
+                if (stat(fileName, statbuf))
+                        goto err;
+        } else { /* depth > 0: skip links */
+                if (S_ISLNK(statbuf->st_mode))
+                        return TRUE;
+        }
+        newmode = statbuf->st_mode;
 
         if (!bb_parse_mode((char *)junk, &newmode))
                 bb_error_msg_and_die("invalid mode: %s", (char *)junk);
 
-        if (chmod(fileName, statbuf->st_mode) == 0) {
-                if (OPT_VERBOSE /* -v verbose? or -c changed? */
+        if (chmod(fileName, newmode) == 0) {
+                if (OPT_VERBOSE
                  || (OPT_CHANGED && statbuf->st_mode != newmode)
                 ) {
                         printf("mode of '%s' changed to %04o (%s)\n", fileName,
@@ -51,7 +58,8 @@ static int fileAction(const char *fileName, struct stat *statbuf, void* junk)
                 }
                 return TRUE;
         }
-        if (!OPT_QUIET) /* not silent (-f)? */
+ err:
+        if (!OPT_QUIET)
                 bb_perror_msg("%s", fileName);
         return FALSE;
 }
@@ -62,30 +70,33 @@ int chmod_main(int argc, char **argv)
         char *arg, **argp;
         char *smode;
 
-        /* Convert first encountered -r into a-r, -w into a-w etc */
-        argp = argv + 1;
-        while ((arg = *argp)) {
+        /* Convert first encountered -r into ar, -w into aw etc
+         * so that getopt would not eat it */
+        argp = argv;
+        while ((arg = *++argp)) {
                 /* Mode spec must be the first arg (sans -R etc) */
                 /* (protect against mishandling e.g. "chmod 644 -r") */
-                if (arg[0] != '-')
+                if (arg[0] != '-') {
+                        arg = NULL;
                         break;
+                }
                 /* An option. Not a -- or valid option? */
-                if (arg[1] && !strchr(OPT_STR, arg[1])) {
-                        argp[0] = xasprintf("a%s", arg);
+                if (arg[1] && !strchr("-"OPT_STR, arg[1])) {
+                        arg[0] = 'a';
                         break;
                 }
-                argp++;
         }
-        /* "chmod -rzzz abc" will say "invalid mode: a-rzzz"!
-         * It is easily fixable, but deemed not worth the code */
 
+        /* Paerse options */
         opt_complementary = "-2";
-        getopt32(argc, argv, OPT_STR + 1); /* Reuse string */
+        getopt32(argc, argv, ("-"OPT_STR) + 1); /* Reuse string */
         argv += optind;
 
-        smode = *argv++;
+        /* Restore option-like mode if needed */
+        if (arg) arg[0] = '-';
 
         /* Ok, ready to do the deed now */
+        smode = *argv++;
         do {
                 if (!recursive_action(*argv,
                                 OPT_RECURSE,    // recurse
@@ -93,7 +104,8 @@ int chmod_main(int argc, char **argv)
                                 FALSE,          // depth first
                                 fileAction,     // file action
                                 fileAction,     // dir action
-                                smode)          // user data
+                                smode,          // user data
+                                0)              // depth
                 ) {
                         retval = EXIT_FAILURE;
                 }
@@ -101,3 +113,45 @@ int chmod_main(int argc, char **argv)
 
         return retval;
 }
+
+/*
+Security: chmod is too important and too subtle.
+This is a test script (busybox chmod versus coreutils).
+Run it in empty dir. Probably requires bash.
+
+#!/bin/sh
+function create() {
+    rm -rf $1; mkdir $1
+    (
+    cd $1 || exit 1
+    mkdir dir
+    >up
+    >file
+    >dir/file
+    ln -s dir linkdir
+    ln -s file linkfile
+    ln -s ../up dir/up
+    )
+}
+function test() {
+    (cd test1; $t1 $1)
+    (cd test2; $t2 $1)
+    (cd test1; ls -lR) >out1
+    (cd test2; ls -lR) >out2
+    echo "chmod $1" >out.diff
+    if ! diff -u out1 out2 >>out.diff; then exit 1; fi
+    mv out.diff out1.diff
+}
+t1="/tmp/busybox chmod"
+t2="/usr/bin/chmod"
+create test1; create test2
+test "a+w file"
+test "a-w dir"
+test "a+w linkfile"
+test "a-w linkdir"
+test "-R a+w file"
+test "-R a-w dir"
+test "-R a+w linkfile"
+test "-R a-w linkdir"
+test "a-r,a+x linkfile"
+*/