> > I always have thought that any good OS will reset any suid/sgid bits on a file > write. Such is the case for the Solaris 2.4 machine I tested this on. I think > any OS that doesn't do this has some deep design flaws. I've been back and forth on this with Sun. That the setuid and setgid bits are reset on *any* write, I consider a bug. I agree that the setuid bit must be reset if the process that is doing the writing has a uid/euid different from the owner of the file, and that the setgid must be reset if the writing process is not a member of the group of the file. Sun apparently agrees with your interpretation. I take issue with your "deep design flaws" comment, however. Although obviously a major security flaw, I'm not sure I'd categorize such a defect in such strong language. In fact, while I do not have my Lions book to verify it, I will hypothesize that the version you refer to in your signature exhibited the behaviour you condemn. I will give you that, in this decade, this type of defect may very well be indicative of the "deep design flaws" you refer to. Gregg Siegfried grs@claircom.com > Nathan Lawson | "One of the advantages of using UNIX to teach an operating > CSL 490 Admin | systems course is the sources and documentation will easily > 756-7180 @Work | fit into a students briefcase." -- John Lions (1976)