home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.os.linux
- Path: sparky!uunet!munnari.oz.au!metro!socs.uts.edu.au!syzygy!pdhatchm
- From: pdhatchm@socs.uts.edu.au (Paul Hatchman)
- Subject: Re: clearing SUID bit on writes
- Message-ID: <pdhatchm.715665475@syzygy>
- Sender: news@socs.uts.edu.au
- Organization: Computing Sciences, Uni of Technology, Sydney.
- References: <1992Sep1.170221.17317@athena.mit.edu>
- Date: 5 Sep 92 03:57:55 GMT
- Lines: 28
-
- tytso@ATHENA.MIT.EDU (Theodore Ts'o) writes:
-
- >When System V does is whenever you write to a setuid file (not just when
- >you append to it), it clears the setuid and setgid bits. This prevents
- >a security hole if you have a setuid program which is group or world
- >writeable. I don't think anything would break if we added this behavior
- >to Linux. On the other hand, there's a much simpler way of avoiding the
- >security hole, which is to simply don't create group or world writeable
- >setuid files.
-
- I do not believe that this is the case. SunOs and the other sys V unixes I
- have used only clear the setuid / setgid bits when the file is written to by
- a user / group that does not *own* the file.
-
- eg if i have a file that is world writable, I own it and it is setuid.
- I can write to that fiel as much as I want and the permissions stay the same.
-
- Now as soon as someone else writes to the file, the setuid bit is cleared.
-
- I believe that this is the correct behaviour for setuid / setgid files and also
- a rather sensible way to go about things.
-
-
- --
- --------------------------------------------------------------------------------
- Paul Hatchman | <this line intentionally left blank>
- Systems Programmer, | pdhatchm@socs.uts.edu.au (prefered)
- Sydney Futures Exchange, Australia | paulh@uts.edu.au
-
