Re: chgrp resets the setuid and getgid bits

Ben Stringer wrote in his message (sent Tuesday, 25 July 2006 12:44):
> I observed this today on an RHEL4 system, and it applies to
> Fedora also. I don't understand why this occurs - is it a
> security feature?

It behaves as defined in the Single Unix Specification: 
http://www.opengroup.org/onlinepubs/009695399/utilities/chgrp.html
"Unless chgrp is invoked by a process with appropriate 
privileges, the set-user-ID and set-group-ID bits of a regular 
file shall be cleared upon successful completion; the 
set-user-ID and set-group-ID bits of other file types may be 
cleared."
The reason is explained in the documentation of the chown() 
system call: 
http://www.opengroup.org/onlinepubs/009695399/functions/chown.html
"The POSIX.1-1990 standard requires that the chown() function 
invoked by a non-appropriate privileged process clear the 
S_ISGID and the S_ISUID bits for regular files, and permits them 
to be cleared for other types of files. This is so that changes 
in accessibility do not accidentally cause files to become 
security holes."

-- 
 Markku Kolkka
 markku.kolkka@xxxxxx
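
The behaviour quoted in the reply above can be checked directly against chown(), the call that chgrp uses. The C program below is an added example, not part of the original message: it changes only the group of a scratch file, records which set-ID bits were dropped, and re-applies them only when explicitly asked. The names `chgrp_report`, `make_setid_file`, `chgrp_report_bits` and the `/tmp` scratch path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical report type: mode bits (07777) around one group change. */
struct chgrp_report { mode_t before, after, dropped, final; };

/* Create a scratch regular file with mode 06755; tmpl is a mkstemp template. */
int make_setid_file(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    int rc = fchmod(fd, 06755);
    close(fd);
    return rc;
}

/* Change only the group of path, as chgrp does, and record the set-ID bits
 * chown() cleared. With restore != 0 the old mode is re-applied by chmod(). */
int chgrp_report_bits(const char *path, gid_t gid, int restore,
                      struct chgrp_report *r)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    r->before = st.st_mode & 07777;
    if (chown(path, (uid_t)-1, gid) != 0) return -1;   /* -1: keep the owner */
    if (stat(path, &st) != 0) return -1;
    r->after = r->final = st.st_mode & 07777;
    r->dropped = r->before & ~r->after & (S_ISUID | S_ISGID);
    if (restore && r->dropped) {                       /* deliberate second step */
        if (chmod(path, r->before) != 0 || stat(path, &st) != 0) return -1;
        r->final = st.st_mode & 07777;
    }
    return 0;
}

int main(void)
{
    char path[] = "/tmp/chgrp_demo_XXXXXX";   /* constructed scratch path */
    struct chgrp_report r;
    if (make_setid_file(path) || chgrp_report_bits(path, getegid(), 0, &r)) {
        perror("chgrp demo"); return 1;
    }
    printf("before %04o after %04o dropped %04o\n",
           (unsigned)r.before, (unsigned)r.after, (unsigned)r.dropped);
    return unlink(path);
}
```

A script that changes a file's group and still needs the set-ID bits has to re-apply them with an explicit chmod afterwards, which keeps the privilege grant a reviewed, intentional step rather than a side effect.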

