Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!uunet!zaphod.mps.ohio-state.edu!uwm.edu!ux1.cso.uiuc.edu!ux1.cso.uiuc.edu!bruner
From: bruner@sp15.csrd.uiuc.edu (John Bruner)
Newsgroups: comp.unix.internals
Subject: Re: clearing SUID and SGID bits on non-root write
Message-ID:
Date: 5 Dec 90 16:02:35 GMT
References: <1990Dec5.135759.12508@noao.edu>
Sender: news@ux1.cso.uiuc.edu (News)
Organization: CSRD, University of Illinois
Lines: 20
In-Reply-To: rstevens@noao.edu's message of 5 Dec 90 13:57:59 GMT

Clearing the SUID and SGID bits when the file is written is a hack.
I recall asking someone at Berkeley about this many years ago.
There were problems with the mailer involving the ability to write
setuid files. They couldn't fix it in the mailer, so they decided
to "fix" it in the kernel. The original implementation cleared the
SUID/SGID bits on a write by anyone. The exception for root was
made later because so many install scripts, etc. were broken by the
change.

A better fix would be to clear the bits only if the writer is not
the owner or member of the group (e.g., if the file is mode 4775,
clear the SUID bit if it is written by someone other than the owner;
if 2777, clear the SGID bit if written by someone who doesn't belong
to the same group). However, the current behavior protects novice
users from themselves -- I've seen new UNIX users try to share
accounts by creating mode 4777 programs for each other.

I have no idea what POSIX does.
--
John Bruner	Center for Supercomputing R&D, University of Illinois
	bruner@csrd.uiuc.edu	(217) 244-4476
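
The three write-time policies described in the post above, modelled side by side as an added C example; it is not part of the original post and is not taken from any kernel source. The names struct writer, enum policy, mode_after_write and the sample credentials are hypothetical, and the proposed policy is modelled exactly as worded, with no root exemption.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical model of a writer's credentials; not a kernel structure. */
struct writer { uid_t uid; gid_t groups[4]; int ngroups; };

enum policy {
    CLEAR_ALWAYS,        /* original: a write by anyone clears both bits */
    CLEAR_UNLESS_ROOT,   /* later: writes by root are exempt */
    CLEAR_IF_OUTSIDER    /* proposal: per-bit owner / group test */
};

static int in_group(const struct writer *w, gid_t gid)
{
    for (int i = 0; i < w->ngroups; i++)
        if (w->groups[i] == gid)
            return 1;
    return 0;
}

/* Mode the file carries after a successful write under policy p. */
mode_t mode_after_write(enum policy p, mode_t mode, uid_t fuid, gid_t fgid,
                        const struct writer *w)
{
    const mode_t both = S_ISUID | S_ISGID;

    switch (p) {
    case CLEAR_ALWAYS:
        return mode & ~both;
    case CLEAR_UNLESS_ROOT:
        return w->uid == 0 ? mode : (mode & ~both);
    case CLEAR_IF_OUTSIDER:
        if (w->uid != fuid)          /* SUID survives only the owner's writes */
            mode &= ~(mode_t)S_ISUID;
        if (!in_group(w, fgid))      /* SGID survives only group members' writes */
            mode &= ~(mode_t)S_ISGID;
        return mode;
    }
    return mode;
}

/* Constructed sample credentials; the sample file is owned by uid 100, gid 50. */
const struct writer root_w  = { 0,   { 0 },  1 };
const struct writer owner_w = { 100, { 50 }, 1 };
const struct writer peer_w  = { 200, { 50 }, 1 };  /* same group, not the owner */
const struct writer other_w = { 300, { 60 }, 1 };  /* neither owner nor group */

int main(void)
{
    printf("%o\n", (unsigned)mode_after_write(CLEAR_IF_OUTSIDER, 04775, 100, 50, &peer_w));
    return 0;
}
```

Under the proposal a group member's write to a mode 4775 file still drops the SUID bit, while the owner's own write keeps it; under the root-exempt policy the owner's write drops it too, which is the case that protects the mode 4777 account-sharing programs mentioned in the post.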