Re: odd chown difference between 2.0 and 2.1pre kernels

Stephen C. Tweedie (sct@redhat.com)
Tue, 12 Jan 1999 14:51:32 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gregory Maxwell: "Re: US relaxes crypto restrictions?"
Previous message: Edward S. Marshall: "Re: Qmail for Vger campaign :)"
In reply to: Alan Cox: "Re: odd chown difference between 2.0 and 2.1pre kernels"
Next in thread: Miquel van Smoorenburg: "Re: odd chown difference between 2.0 and 2.1pre kernels"

Hi,

On Mon, 11 Jan 1999 15:40:02 +0000 (GMT), alan@lxorguk.ukuu.org.uk
(Alan Cox) said:

>> In message <19990109215152.C32046@kitenet.net>, Joey Hess writes:

>> GAK!!! Security flaw here, methinks. chown should unconditionally clear
>> setuid and setgid.

> Except when done by root

Is there any consensus on this? According to singleunix, suid and
sgid on regular files get cleared unconditionally except when the
caller has "appropriate privileges", but in that case the behaviour is
implementation-defined. What do other unixen do in this case?

--Stephen

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Gregory Maxwell: "Re: US relaxes crypto restrictions?"
Previous message: Edward S. Marshall: "Re: Qmail for Vger campaign :)"
In reply to: Alan Cox: "Re: odd chown difference between 2.0 and 2.1pre kernels"
Next in thread: Miquel van Smoorenburg: "Re: odd chown difference between 2.0 and 2.1pre kernels"