Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!husc6!rutgers!cbmvax!vu-vlsi!devon!paul
From: paul@devon.UUCP (Paul Sutcliffe Jr.)
Newsgroups: comp.unix.wizards,comp.unix.questions
Subject: Re: UNIX file setuid sucurity hole?
Message-ID: <233@devon.UUCP>
Date: Mon, 16-Mar-87 23:21:04 EST
Article-I.D.: devon.233
Posted: Mon Mar 16 23:21:04 1987
Date-Received: Wed, 18-Mar-87 06:08:29 EST
References: <2168@ncoast.UUCP> <695@aw.sei.cmu.edu.sei.cmu.edu>
Reply-To: paul@devon.UUCP (Paul Sutcliffe Jr.)
Distribution: world
Organization: Devon Computer Services, Allentown, PA
Lines: 27
Summary: Xenix chown does this
Xref: mnetor comp.unix.wizards:1474 comp.unix.questions:1466

In article <695@aw.sei.cmu.edu.sei.cmu.edu> pdb@sei.cmu.edu.UUCP (Pat Barron)
writes: [ reguarding the chown command ]
> Of course, if you are running on a system which does allow random users to
> use chown (I've never heard of such a beastie, but just for the sake of
> argument...), I'd have have chown clear the 6000 bits of a file's protection
> as part of the chown process (and, of course, you couldn't reset them, since
> you can't chmod a file you don't own....)

Can't speak for all Un*x systems (how *do* you say the plural of Unix!),
but Xenix's chown does this.

Quoting from the manual:

"If chown is invoked by other than the super-user, the set-user-ID and
set-group-ID bits of the file mode, 04000 and 02000 respectively, will
be cleared."

Also, you must either be the super-user or the owner of the file in
order to chown it.

- paul

-- 
Paul Sutcliffe, Jr.	    paul@devon.UUCP	(or, if you prefer:)
Devon Computer Services	    {seismo,ihnp4,allegra,rutgers}!cbmvax!devon!paul
Allentown, PA
		"I love work.  I could sit and watch people do it all day!"