Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!husc6!seismo!mcnc!gatech!mcdchg!heiby From: heiby@mcdchg.UUCP Newsgroups: comp.unix.wizards,comp.unix.questions Subject: Re: UNIX file setuid sucurity hole? Message-ID: <239@mcdchg.UUCP> Date: Fri, 13-Mar-87 15:51:18 EST Article-I.D.: mcdchg.239 Posted: Fri Mar 13 15:51:18 1987 Date-Received: Sat, 14-Mar-87 11:47:10 EST References: <2168@ncoast.UUCP> <695@aw.sei.cmu.edu.sei.cmu.edu> Sender: usenet@mcdchg.UUCP Reply-To: heiby@mcdchg.UUCP (-Ron Heiby) Distribution: world Organization: Motorola Microcomputer, Schaumburg, IL Lines: 38 Xref: utgpu comp.unix.wizards:1371 comp.unix.questions:1362 In article <695@aw.sei.cmu.edu.sei.cmu.edu> pdb@sei.cmu.edu.UUCP (Pat Barron) writes: > >Of course, if you are running on a system which does allow random users to >use chown (I've never heard of such a beastie, but just for the sake of >argument...), I'd have have chown clear the 6000 bits of a file's protection >as part of the chown process (and, of course, you couldn't reset them, since >you can't chmod a file you don't own....) I've heard of "such a beastie". It's called System V, and yes, it does clear the 6000 bits of the permissions. Quoting now from the "System V Interface Definition", Issue 2, Volume II, page 138: The command "chown" changes the owner of the "files" to "owner". The owner may be either a decimal user ID or a login name found in the password file. The command "chgrp" changes the group ID of the "files" to "group". The group may be either a decimal group ID or a group name found in the group file. If either command is invoked by other than the super-user, the set-user-ID and set-group-ID bits of the file mode will be cleared. This follows implicitly from the description of the "chown(BA_OS)" call, described in Volume I on page 65. Yes, System V and 4bsd have a different opinion of what should be done with chown by a non-super-user. No, I don't want to get into a religious argument. Yes, it will have to be worked out in the efforts to merge the two implementations. No, I don't know what they're going to do. BTW, this is also stated in almost identical language in the System V User's Reference. RTFM! -- Ron Heiby, mcdchg!heiby Moderator: mod.newprod & mod.os.unix Motorola Microcomputer Division (MCD), Schaumburg, IL "Save your energy. Save yourselves. Avoid the planet 'cuae2' at all costs!"