clearing SUID and SGID bits on non-root write

John Bruner bruner at sp15.csrd.uiuc.edu
Thu Dec 6 03:02:35 AEST 1990


Clearing the SUID and SGID bits when the file is written is a hack.  I
recall asking someone at Berkeley about this many years ago.  There
were problems with the mailer involving the ability to write setuid
files.  They couldn't fix it in the mailer, so they decided to "fix"
it in the kernel.  The original implementation cleared the SUID/SGID
bits on a write by anyone.  The exception for root was made later
because so many install scripts, etc. were broken by the change.

A better fix would be to clear the bits only if the writer is not the
owner or member of the group (e.g., if the file is mode 4775, clear
the SUID bit if it is written by someone other than the owner; if
2777, clear the SGID bit if written by someone who doesn't belong to
the same group).  However, the current behavior protects novice users
from themselves -- I've seen new UNIX users try to share accounts by
creating mode 4777 programs for each other.

I have no idea what POSIX does.
--
John Bruner	Center for Supercomputing R&D, University of Illinois
	bruner at csrd.uiuc.edu		(217) 244-4476	
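
The three policies the message describes (clear on any write, exempt root, and the proposed per-bit owner/group test), as an added C example that is not part of the original post and not kernel code from any system. The enum names, `struct writer` and the sample ids are made up for illustration, and giving root no special exemption under the proposed policy is an assumption.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/stat.h>

/* The three policies in the message; the enum names are made up for this example. */
enum policy { CLEAR_ALWAYS, CLEAR_UNLESS_ROOT, CLEAR_UNLESS_OWNER_OR_GROUP };

/* Hypothetical stand-in for the writing process's credentials. */
struct writer { uid_t uid; const gid_t *groups; size_t ngroups; };

static int in_group(const struct writer *w, gid_t gid)
{
    for (size_t i = 0; i < w->ngroups; i++)
        if (w->groups[i] == gid)
            return 1;
    return 0;
}

/* Mode bits the file is left with after a successful write by w. */
mode_t mode_after_write(enum policy p, mode_t mode, uid_t owner, gid_t group,
                        const struct writer *w)
{
    const mode_t both = S_ISUID | S_ISGID;

    switch (p) {
    case CLEAR_ALWAYS:                 /* original: any write clears both */
        return mode & ~both;
    case CLEAR_UNLESS_ROOT:            /* later: root's writes are exempt */
        return w->uid == 0 ? mode : (mode & ~both);
    case CLEAR_UNLESS_OWNER_OR_GROUP:  /* proposed: each bit judged separately */
        /* Assumption: no extra root exemption; the message does not say. */
        if (w->uid != owner)
            mode &= ~(mode_t)S_ISUID;
        if (!in_group(w, group))
            mode &= ~(mode_t)S_ISGID;
        return mode;
    }
    return mode;
}

int main(void)
{
    const gid_t staff[] = { 50 };      /* constructed sample ids */
    const struct writer other = { 200, staff, 1 };
    /* A mode 4775 file owned by uid 100, written by a different user. */
    printf("%o\n", (unsigned)mode_after_write(CLEAR_UNLESS_OWNER_OR_GROUP,
                                              04775, 100, 50, &other));
    return 0;
}
```

With the owner as the writer, the proposed policy leaves a mode 4775 file setuid while the root-only exemption strips the bit, which is the difference the message points to when it says the current behavior protects novice users from themselves.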


