uutils coreutils
cpe:2.3:a:gnu:coreutils:*:*:*:*:*:*:*
A vulnerability exists in the cp utility of uutils coreutils, specifically in version 0.7.0, regarding how it handles recursive copies of directories. When the -R option is used, cp incorrectly processes character and block device nodes as if they were regular files, leading to a loss of the original device semantics. This mismanagement can cause critical device nodes, such as /dev/null, to be overwritten with regular files, disrupting their intended functionality. The issue arises because uutils coreutils lacks the capability to properly recreate device nodes using the mknod command, a problem not present in GNU coreutils, which handles such files correctly by default.
This vulnerability can cause significant disruptions in environments where device nodes are crucial, such as chroot environments or container filesystems. The incorrect handling of device nodes can lead to runtime issues, including disk exhaustion or process hangs when dealing with unbounded device nodes.
To reproduce this vulnerability, create a temporary directory and use the mknod command to create a character device node. Then, perform a recursive copy of the directory containing the device node to a new location. After the copy, check the destination to see that the device node has been replaced with a regular file, thereby demonstrating the loss of device semantics.
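The check at the end of the reproduction steps above can be automated. The following is an added example, not code from the advisory or from the uutils project: a POSIX shell function that compares a source tree with its recursive copy and lists every character or block device that ended up as a regular file in the destination. The function name `lost_device_nodes` and its two directory arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a recursive copy for flattened device nodes.
# lost_device_nodes SRC_DIR DST_DIR  (hypothetical helper name)
# Prints the path, relative to SRC_DIR, of every character or block device
# whose counterpart in DST_DIR is a regular file. Returns 1 if any were found.
lost_device_nodes() {
    src=${1%/}
    dst=${2%/}
    hits=$(
        # List device nodes in the source; unreadable subdirectories are skipped.
        { find "$src" \( -type c -o -type b \) -print 2>/dev/null || :; } |
        while IFS= read -r node; do
            rel=${node#"$src"/}
            copy=$dst/$rel
            # A correct copy is itself a device node. A regular file here
            # (and not a symlink to one) means the device semantics were lost.
            if [ -f "$copy" ] && [ ! -L "$copy" ]; then
                printf '%s\n' "$rel"
            fi
        done
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Run as a script: sh check.sh SRC_DIR DST_DIR
if [ "$#" -eq 2 ]; then
    lost_device_nodes "$1" "$2"
fi
```

Run it against a chroot or container filesystem and the tree it was copied from; a non-zero exit status means at least one device node was replaced by a regular file.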
Users can update to uutils coreutils version 0.7.0, which includes a patch for this vulnerability. The updated version can be downloaded from the uutils coreutils GitHub releases page.