Re: chown clears suid bit!

Thu, 13 Apr 2006 01:39:11 -0700

Well that does explain why it didn't matter whether I used a shells built-in chown like ksh93, or /bin/chown it always acted the same.
Your explanations do make sense but it sure was a surprise is all. I wasn't bs'ing when I said the same script has been unchanged for years, and worked on several platforms, including linux, for years. Perhaps the fact that it's always root that runs this, and previously (or still on other platforms) root was treated specially? Maybe it's still supposed to do that and there is a kernel bug now that decides even root shouldn't be allowed to chown a file without clearing any suid? Also there's the fact that 99% of the time the chown commands in this particular script end up being no-ops because the script is intended to correct errors, and normally all the files would already be what the script wants, and maybe previously in the case of a no-op it really did (what I think) the more sensible thing, nothing. 


Anyways. As long as it's documented and can be counted on not to change (any 
more), then it's fine...

Thanks much

Brian K. White  --  [EMAIL PROTECTED]  --  http://www.aljex.com/bkw/
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro  BBx    Linux  SCO  FreeBSD    #callahans  Satriani  Filk!



----- Original Message ----- 
From: "Paul Eggert" <[EMAIL PROTECTED]>

To: "Brian K. White" <[EMAIL PROTECTED]>
Cc: <bug-coreutils@gnu.org>
Sent: Thursday, April 13, 2006 2:11 AM
Subject: Re: chown clears suid bit!



"Brian K. White" <[EMAIL PROTECTED]> writes:


chown now clears the suid bit from files it acts upon.


This tends to be a property of the kernel, not of the chown
executable.  You can verify this by running "strace chown user file"
on your GNU/Linux host.  In the example below, the command "chown
eggert at" executed the chown32 system call as requested, but the
kernel decided to clear the setuid bit.  Hence the bug (if there is
one) is in the kernel, not in coreutils.

penguin:/tmp# pwd
/tmp
penguin:/tmp# cp -p /usr/bin/at .
penguin:/tmp# ls -l at
-rwsr-xr-x  1 root root 34488 Jan 18  2002 at
penguin:/tmp# strace -o tr chown eggert at
penguin:/tmp# tail tr
munmap(0x40018000, 1130)                = 0
close(3)                                = 0
lstat64("at", {st_mode=S_IFREG|S_ISUID|0755, st_size=34488, ...}) = 0
open(".", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_LARGEFILE|O_DIRECTORY) = 3
fchdir(3)                               = 0
chown32("at", 1000, -1)                 = 0
fchdir(3)                               = 0
close(3)                                = 0
close(1)                                = 0
exit_group(0)                           = ?
penguin:/tmp# ls -l at
-rwxr-xr-x  1 eggert root 34488 Jan 18  2002 at





_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils






















					Reply via email to