Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!helios!bcm!dimacs.rutgers.edu!seismo!uunet!samsung!noose.ecn.purdue.edu!mentor.cc.purdue.edu!sage.cc.purdue.edu!asg
From: asg@sage.cc.purdue.edu (The Grand Master)
Newsgroups: comp.unix.shell
Subject: Re: Retaining file permissions
Keywords: chmod, sed, awk... and good old *cat*!
Message-ID: <7120@mentor.cc.purdue.edu>
Date: 28 Feb 91 21:55:34 GMT
References: <6039@ptsfa.PacBell.COM> <1991Feb22.041826.201@athena.mit.edu> <1991Feb23.234242.812@am.sublink.org> <1991Feb26.153931.27251@athena.mit.edu> <21789@yunexus.YorkU.CA> <1991Feb28.205734.26484@athena.mit.edu>
Sender: news@mentor.cc.purdue.edu
Reply-To: asg@sage.cc.purdue.edu (The Grand Master)
Organization: Purdue University
Lines: 40

In article <1991Feb28.205734.26484@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:
}
}  From write(2):
}
}     If the real user is not the super-user, then write clears
}     the set-user-id bit on a file.  This prevents penetration of
}     system security by a user who captures a writable set-user-
}     id file owned by the super-user.
}
}  If it only did it on executable files, then if there were a file on the disk
}that was setuid but not executable, a not-nice person could (a) figure out
}some way to write his own program into the file, and (b) use chmod to make it
}executable.  This defeats the purpose of the clearing of the set-user-id bit.

WAKE UP. You have got to be kidding. Use chmod to make it executable???
If he could use chmod to make it executable, he could use chmod to turn the
suid bit on, which defeats the entire purpose of file ownership, system
security, etc. Gee - I am glad you are not MY sysadmin.

ANY modification to a suid file turns the suid bit off - this is handled
by the kernel (unless root makes the modification). You cannot use cat, cp,
mv, write(2), or ANYTHING to keep the suid bit on. AHHHHGGG. I am glad the
designers of UNIX were not interested in doing this, or there would be NO
security.

From the pages of chmod(2):

     Only the owner of a file (or the super-user) may change the mode.

So, if I can cat > file, then chmod it to executable, it must be my file!!!
In which case it is not really any risk to system security.

}
}--
}Jonathan Kamens                              USnail:
}MIT Project Athena                           11 Ashford Terrace
}jik@Athena.MIT.EDU                           Allston, MA  02134
}Office: 617-253-8085                         Home: 617-782-0710

And I thought MIT taught people to think before they speak.

The Grand Master
Bruce Varney
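
The kernel behaviour quoted from write(2) in this thread can be observed directly. The C program below is an added example, not part of the original post; the function name suid_cleared_by_write and the scratch file under /tmp are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if the set-user-ID bit was cleared by the write, 0 if it
 * survived (expected only for a privileged writer), -1 on setup error. */
int suid_cleared_by_write(void)
{
    char path[] = "/tmp/suid_demo_XXXXXX";  /* constructed scratch file */
    struct stat st;
    int result = -1;
    int fd = mkstemp(path);                 /* created owned by the caller */

    if (fd < 0)
        return -1;

    /* chmod(2): the owner may change the mode of their own file,
     * and that includes turning the set-user-ID bit on. */
    if (fchmod(fd, S_ISUID | 0755) == 0 &&
        fstat(fd, &st) == 0 && (st.st_mode & S_ISUID) &&
        write(fd, "payload\n", 8) == 8 &&   /* modify the file contents */
        fstat(fd, &st) == 0)
        result = (st.st_mode & S_ISUID) ? 0 : 1;

    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    int r = suid_cleared_by_write();

    if (r < 0) {
        perror("setup");
        return EXIT_FAILURE;
    }
    printf("euid=%ld: set-user-ID bit %s after write(2)\n",
           (long)geteuid(), r ? "cleared" : "still set");
    return EXIT_SUCCESS;
}
```

Run as an ordinary user, the program reports the bit cleared; a privileged process may keep it, which is the super-user exception stated in the quoted manual text.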