[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: chown clears suid bit!
From: |
Paul Eggert |
Subject: |
Re: chown clears suid bit! |
Date: |
Wed, 12 Apr 2006 23:11:35 -0700 |
User-agent: |
Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux) |
"Brian K. White" <address@hidden> writes:
> chown now clears the suid bit from files it acts upon.
This tends to be a property of the kernel, not of the chown
executable. You can verify this by running "strace chown user file"
on your GNU/Linux host. In the example below, the command "chown
eggert at" executed the chown32 system call as requested, but the
kernel decided to clear the setuid bit. Hence the bug (if there is
one) is in the kernel, not in coreutils.
penguin:/tmp# pwd
/tmp
penguin:/tmp# cp -p /usr/bin/at .
penguin:/tmp# ls -l at
-rwsr-xr-x 1 root root 34488 Jan 18 2002 at
penguin:/tmp# strace -o tr chown eggert at
penguin:/tmp# tail tr
munmap(0x40018000, 1130) = 0
close(3) = 0
lstat64("at", {st_mode=S_IFREG|S_ISUID|0755, st_size=34488, ...}) = 0
open(".", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_LARGEFILE|O_DIRECTORY) = 3
fchdir(3) = 0
chown32("at", 1000, -1) = 0
fchdir(3) = 0
close(3) = 0
close(1) = 0
exit_group(0) = ?
penguin:/tmp# ls -l at
-rwxr-xr-x 1 eggert root 34488 Jan 18 2002 at