Re: odd chown difference between 2.0 and 2.1pre kernels

Brandon S. Allbery KF8NH (allbery@kf8nh.apk.net)
Mon, 11 Jan 1999 18:57:52 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: William Stearns: "Re: (My) SMP lameness?"
Previous message: Mike A. Harris: "Re: [Off-Topic] Distribution 2.2-ready"
Maybe in reply to: Joey Hess: "odd chown difference between 2.0 and 2.1pre kernels"
Next in thread: Tom Eastep: "Re: odd chown difference between 2.0 and 2.1pre kernels"

In message <m0zzjRk-0007U2C@the-village.bc.nu>, Alan Cox writes:
+-----
| > In message <19990109215152.C32046@kitenet.net>, Joey Hess writes:
| > | On a 2.1pre4 machine:
| > | root@kite:~>ls -l foo
| > | -rwsrw-r-- 1 root joey 0 Jan 9 17:13 foo*
| > | root@kite:~> chown root.root foo; ls -l foo
| > | -rwsrw-r-- 1 root root 0 Jan 9 17:13 foo*
| >
| > GAK!!! Security flaw here, methinks. chown should unconditionally clear
| > setuid and setgid.
|
| Except when done by root
+--->8

Especially when done by root, I'd think. Less risk of inadvertently opening
a security hole --- if I want the thing set[ug]id I should have to
explicitly make it so.

-- brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net system administrator [WAY too many hats] allbery@ece.cmu.edu carnegie mellon / electrical and computer engineering KF8NH We are Linux. Resistance is an indication that you missed the point.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: William Stearns: "Re: (My) SMP lameness?"
Previous message: Mike A. Harris: "Re: [Off-Topic] Distribution 2.2-ready"
Maybe in reply to: Joey Hess: "odd chown difference between 2.0 and 2.1pre kernels"
Next in thread: Tom Eastep: "Re: odd chown difference between 2.0 and 2.1pre kernels"