home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.os.linux
- Path: sparky!uunet!gatech!bloom-beacon!bloom-picayune.mit.edu!daemon
- From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
- Subject: Re: clearing SUID bit on writes
- Message-ID: <1992Sep1.170221.17317@athena.mit.edu>
- Sender: daemon@athena.mit.edu (Mr Background)
- Reply-To: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
- Organization: The Internet
- Date: Tue, 1 Sep 1992 17:02:21 GMT
- Lines: 20
-
- From: vesseur@fwi.uva.nl (Joep JJ Vesseur)
- Date: Tue, 1 Sep 1992 09:11:47 GMT
-
- when appending to a file with S_ISUID bit set, linux keeps the
- 'bit up', while i think it's desirable that whenever anyone appends
- to such a file, the bit gets cleared. the same holds for S_ISGID
- bits. i don't know whether the behaviour of setuid files is defined
- somewhere (at least i can't find it in 'the design and implementation
- of the 4.3bsd unix operating system', i don't have docs on sysV);
- all i know is that SunOs clears the bit.
-
- When System V does is whenever you write to a setuid file (not just when
- you append to it), it clears the setuid and setgid bits. This prevents
- a security hole if you have a setuid program which is group or world
- writeable. I don't think anything would break if we added this behavior
- to Linux. On the other hand, there's a much simpler way of avoiding the
- security hole, which is to simply don't create group or world writeable
- setuid files.
-
- - Ted
-