clearing SUID and SGID bits on non-root write
Bob Goudreau
goudreau at larrybud.rtp.dg.com
Thu Dec 6 11:53:58 AEST 1990
In article <1990Dec5.135759.12508 at noao.edu>, rstevens at noao.edu (Rich Stevens) writes:
>
> BSD-based systems (SunOS and 4.3BSD, for example) specifically state
> on the chmod(2) man page that a non-superuser process writing to a
> file automatically clears the SUID and SGID bits. That makes sense.
> But, in going through the SVID (Third Edition) and the SVR4 manuals,
> I can't find any reference to this feature. Do the AT&T Unices really
> not do this ?
Yup, it's true. System V has avoided this blemish from BSD.
But note that the SVID also mandates that a chown() will result in
the set-UID and set-GID bits being cleared (unless the process has
"appropriate privileges"). Otherwise, the system would have a gaping
security hole: I could create a file, chmod() it to mode 4755, chown()
it to root, and voila: I have a setuid root program!
----------------------------------------------------------------------
Bob Goudreau +1 919 248 6231
Data General Corporation goudreau at dg-rtp.dg.com
62 Alexander Drive ...!mcnc!rti!xyzzy!goudreau
Research Triangle Park, NC 27709, USA
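
An added example, not part of the original post: a C probe that checks, on the system where it runs, whether the set-UID bit of a mode 4755 file is cleared by chown() (the SVID rule described above) and by write() (the BSD chmod(2) behaviour asked about). The function `setid_cleared_after`, the `probe` enum and the `/tmp` scratch path are assumptions of this example; the file is owned by the caller throughout.

```c
/* Added example: probe whether this system clears set-UID on chown()/write(). */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum probe { PROBE_CHOWN, PROBE_WRITE };   /* hypothetical names */

/* Returns 1 if set-UID was cleared, 0 if it survived, -1 if the probe failed. */
int setid_cleared_after(enum probe op)
{
    char path[] = "/tmp/setid_probe_XXXXXX";  /* constructed scratch file */
    struct stat st;
    int result = -1;
    int fd = mkstemp(path);                   /* created 0600, owned by us */

    if (fd < 0)
        return -1;
    /* Mode 4755 as in the post, but on a file we own: no privilege is gained. */
    if (fchmod(fd, S_ISUID | 0755) != 0 || fstat(fd, &st) != 0)
        goto out;
    if (!(st.st_mode & S_ISUID))
        goto out;                             /* bit not stored: nothing to test */

    if (op == PROBE_CHOWN) {
        /* chown to our own UID is always permitted. Some kernels clear the
         * bit on any chown, others only when the owner really changes. */
        if (fchown(fd, geteuid(), (gid_t)-1) != 0)
            goto out;
    } else if (write(fd, "x", 1) != 1) {      /* the BSD chmod(2) behaviour */
        goto out;
    }
    if (fstat(fd, &st) == 0)
        result = (st.st_mode & S_ISUID) ? 0 : 1;
out:
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    static const char *verdict[] = { "probe failed", "retained", "cleared" };

    /* A privileged caller may keep the bit; run unprivileged for the real answer. */
    printf("euid %ld\n", (long)geteuid());
    printf("after chown(): set-UID %s\n", verdict[setid_cleared_after(PROBE_CHOWN) + 1]);
    printf("after write(): set-UID %s\n", verdict[setid_cleared_after(PROBE_WRITE) + 1]);
    return 0;
}
```
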