Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!dalcs!dalcsug!kdavies
From: kdavies@dalcsug.UUCP
Newsgroups: comp.unix.wizards,comp.unix.questions
Subject: Re: UNIX file setuid sucurity hole?
Message-ID: <14@dalcsug.UUCP>
Date: Sun, 15-Mar-87 11:37:58 EST
Article-I.D.: dalcsug.14
Posted: Sun Mar 15 11:37:58 1987
Date-Received: Sun, 15-Mar-87 19:35:37 EST
References: <2168@ncoast.UUCP> <1772@hi.uucp>
Reply-To: kdavies@dalcsug.UUCP (Kevin Davies)
Distribution: world
Organization: Dalhousie University, Halifax, N.S., Canada
Lines: 21
Keywords: chown chmod setuid
Xref: utgpu comp.unix.wizards:1397 comp.unix.questions:1380

In article <1772@hi.uucp> josh@hi.UUCP (Josh Siegel) writes:
>
>I cannot be sure but don't you have to be root to use chown?
>

Under Xenix 5, I believe BSD does as well, chown can be
executed by anyone, BUT, when they do a chown on a file,
any setuid permissions on the file are cleared when it
puts in the new owner. Then only the NEW owner can
set the setuid again.

Not sure what happens if there is a setgid, and the original owner
and the new owner are of different groups. I would suspect that it
would clear the setgid bits (but we can't _assume_ around here :-)

---------------------------------------------------------------
Kevin Davies	 ...{seismo|watmath|utai|garfield} !dalcs!dalcsug!kdavies

Kirk :  "Spock, I do wish you'd stop using those colourful metaphors"
Spock:  "The _hell_ I will, Captain"
---------------------------------------------------------------