bug-coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chown clears suid bit!


From: Paul Eggert
Subject: Re: chown clears suid bit!
Date: Wed, 12 Apr 2006 23:11:35 -0700
User-agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux)

"Brian K. White" <address@hidden> writes:

> chown now clears the suid bit from files it acts upon.

This tends to be a property of the kernel, not of the chown
executable.  You can verify this by running "strace chown user file"
on your GNU/Linux host.  In the example below, the command "chown
eggert at" executed the chown32 system call as requested, but the
kernel decided to clear the setuid bit.  Hence the bug (if there is
one) is in the kernel, not in coreutils.

penguin:/tmp# pwd
/tmp
penguin:/tmp# cp -p /usr/bin/at .
penguin:/tmp# ls -l at
-rwsr-xr-x  1 root root 34488 Jan 18  2002 at
penguin:/tmp# strace -o tr chown eggert at
penguin:/tmp# tail tr
munmap(0x40018000, 1130)                = 0
close(3)                                = 0
lstat64("at", {st_mode=S_IFREG|S_ISUID|0755, st_size=34488, ...}) = 0
open(".", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_LARGEFILE|O_DIRECTORY) = 3
fchdir(3)                               = 0
chown32("at", 1000, -1)                 = 0
fchdir(3)                               = 0
close(3)                                = 0
close(1)                                = 0
exit_group(0)                           = ?
penguin:/tmp# ls -l at
-rwxr-xr-x  1 eggert root 34488 Jan 18  2002 at




reply via email to

[Prev in Thread] Current Thread [Next in Thread]