[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chown clears suid bit!

From: Eric Blake
Subject: Re: chown clears suid bit!
Date: Wed, 12 Apr 2006 21:26:19 -0600
User-agent: Thunderbird 1.5 (Windows/20051201)

Hash: SHA1

According to Brian K. White on 4/12/2006 5:33 PM:
> Skipping all the blind alleys I chased down, the end result was that
> chown now clears the suid bit from files it acts upon.
> As the man page doesn't mention this, and it's certainly new behaviour,
> and certainly deviant from every other unix,
> I submit that it should not do this.

Thanks for the report.  However, the behavior you described is required by
POSIX, http://www.opengroup.org/onlinepubs/009695399/utilities/chown.html:
"Unless chown is invoked by a process with appropriate privileges, the
set-user-ID and set-group-ID bits of a regular file shall be cleared upon
successful completion; the set-user-ID and set-group-ID bits of other file
types may be cleared."

coreutils respects the semantics of the underlying kernel chown(2) call to
determine whether the process has appropriate privileges.  Furthermore,
this behavior closes a potential security hole where someone could gain
system privileges by chown'ing a suid executable.  And while it is true
that the behavior of 5.94 is slightly different than that of the last
stable release (5.2.1), this was documented in the NEWS file for the
intermediate 5.3.0:

  Several fixes to chgrp and chown for compatibility with POSIX and BSD:

    Do not optimize away the chown() system call when the file's owner
    and group already have the desired value.  This optimization was
    incorrect, as it failed to update the last-changed time and reset
    special permission bits, as POSIX requires.

- --
Life is short - so eat dessert first!

Eric Blake             address@hidden
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


reply via email to

[Prev in Thread] Current Thread [Next in Thread]