Re: odd chown difference between 2.0 and 2.1pre kernels

Brandon S. Allbery KF8NH (allbery@kf8nh.apk.net)
Sun, 10 Jan 1999 20:25:58 -0500


In message <19990109215152.C32046@kitenet.net>, Joey Hess writes:
+-----
| On a 2.1pre4 machine:
| root@kite:~>ls -l foo
| -rwsrw-r-- 1 root joey 0 Jan 9 17:13 foo*
| root@kite:~> chown root.root foo; ls -l foo
| -rwsrw-r-- 1 root root 0 Jan 9 17:13 foo*
+--->8

GAK!!! Security flaw here, methinks. chown should unconditionally clear
setuid and setgid.

-- 
brandon s. allbery	[os/2][linux][solaris][japh]	 allbery@kf8nh.apk.net
system administrator	     [WAY too many hats]	   allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering			 KF8NH
     We are Linux. Resistance is an indication that you missed the point.
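
The behaviour discussed in this message can be checked on any kernel. The following is an added example, not part of the original post or of the kernel source: it recreates the -rwsrw-r-- (04764) file from the quoted listing, chowns it to the caller's own effective uid/gid (so no root is needed), and reports which set-id bits survived. The function names and the /tmp scratch path are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Set-id bits present before the chown that are still present after it. */
mode_t surviving_bits(mode_t before, mode_t after)
{
    return before & after & (S_ISUID | S_ISGID);
}

/*
 * Create a scratch file with the requested mode, chown it to the caller's
 * own effective uid/gid, and return the set-id bits that survived the call.
 * Returns -1 if any step fails. "before" is read back after fchmod() so a
 * bit the kernel refused to set is not counted as having survived.
 */
int probe_chown(mode_t mode)
{
    char path[] = "/tmp/chown-probe-XXXXXX";   /* constructed scratch path */
    struct stat before, after;
    int result = -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) == 0 && fstat(fd, &before) == 0 &&
        fchown(fd, geteuid(), getegid()) == 0 && fstat(fd, &after) == 0)
        result = (int)surviving_bits(before.st_mode, after.st_mode);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* 04764 is the mode in the listing; 06774 adds setgid plus group execute. */
    const mode_t modes[] = { 04764, 06774 };
    int bad = 0;
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++) {
        int r = probe_chown(modes[i]);
        if (r < 0) { fprintf(stderr, "probe failed\n"); return 2; }
        printf("mode %04o: setuid %s, setgid %s\n", (unsigned)modes[i],
               (r & S_ISUID) ? "SURVIVED" : "not set after chown",
               (r & S_ISGID) ? "SURVIVED" : "not set after chown");
        bad |= r;
    }
    return bad ? 1 : 0;   /* exit 1 if any set-id bit outlived the chown */
}
```

Run as root, the same program exercises the privileged path shown in the quoted session.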
