[PATCH] Re: suid bit behaviour modification in 2.6.0-test5
From: Andries . Brouwer
Date: Sun Sep 21 2003 - 07:57:36 EST
jpcartal@xxxxxxx writes:
I noticed that contrary to what was happening with 2.4.x kernel, suid
root files don't loose their suid bit when they get overwritten by a
normal user (see example below)
Is this the intended behaviour or a bug ?
Example :
[root@localhost test]# chown root ~cartaljp/test/suid_test
[root@localhost test]# chmod 4775 ~cartaljp/test/suid_test
[root@localhost test]# exit
[cartaljp@localhost test]$ cp /bin/ls suid_test
[cartaljp@localhost test]$ ls -l
total 72
-rwsrwxr-x 1 root cartaljp 67668 Sep 19 07:56 suid_test <-
Suid bit is still set whereas with 2.4.x kernel it was reset.
Yes. Here 2.4 had the terrible code
mode = (inode->i_mode & S_IXGRP)*(S_ISGID/S_IXGRP) | S_ISUID;
while 2.6 does things via notify_change().
However, in 2.6 notify_change() does not allow removal of the SUID bit
because you are not owner of the file :-).
So, we have to convince inode_change_ok() to do it anyway.
Below a patch.
Andries
diff -u --recursive --new-file -X /linux/dontdiff a/mm/filemap.c b/mm/filemap.c
--- a/mm/filemap.c Sat Aug 23 13:30:20 2003
+++ b/mm/filemap.c Sun Sep 21 13:55:38 2003
@@ -1437,7 +1437,7 @@
/* was any of the uid bits set? */
if (mode && !capable(CAP_FSETID)) {
- newattrs.ia_valid = ATTR_KILL_SUID | ATTR_KILL_SGID;
+ newattrs.ia_valid = ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_FORCE;
notify_change(dentry, &newattrs);
}
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/