Hi, on the man page of mv it is said: "When both source and destination are on the same filesystem, they are the same file (just the name is changed; owner, mode, timestamps remain unchanged). When they are on different filesystems, the source file is copied and then deleted. mv will copy modification time, access time, user and group ID, and mode if possible. When copying user and/or group ID fails, the setuid and setgid bits are cleared in the copy."
The last sentence (clearing setuid, setgid bits) doesn't seem to be true in the following testcase:

    [EMAIL PROTECTED] ~ $ mkdir temp
    [EMAIL PROTECTED] ~ $ su
    Password:
    gnelson nelson # mkdir /mnt/temp
    gnelson nelson # mount -o bind /home/nelson/temp /mnt/temp
    gnelson nelson # echo "hola" > hola.txt
    gnelson nelson # chown pedro:users hola.txt
    gnelson nelson # chmod u+s hola.txt
    gnelson nelson # exit
    exit
    [EMAIL PROTECTED] ~ $ ls -l hola.txt
    -rwSr--r-- 1 pedro users 5 ago 22 11:05 hola.txt
    [EMAIL PROTECTED] ~ $ whoami
    nelson
    [EMAIL PROTECTED] ~ $ mv hola.txt /mnt/temp
    [EMAIL PROTECTED] ~ $ ls -l /mnt/temp/hola.txt
    -rwSr--r-- 1 nelson users 5 ago 22 11:05 /mnt/temp/hola.txt
    [EMAIL PROTECTED] ~ $

- The mount -o bind is to simulate different filesystems/partitions so 'mv' falls back to copying instead of moving.
- Substitute 'nelson' for your normal user and 'pedro' for another normal user of your system.

As you can see, 'mv' could not copy the uid of the file /mnt/temp/hola.txt, which is now owned by 'nelson' instead of 'pedro'. That is correct because it's a copy operation, but 'mv' has not cleared the setuid bit as is mentioned in the man page, and so this could lead to a security bug?

PS: I have mv 5.2.1 on Gentoo Linux x86 with an ext3 filesystem.
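The behaviour the quoted man page text describes, as an added C example that is not part of the original message and is not coreutils' code: the copy gets the source's permission bits only after the ownership change has been attempted, and setuid/setgid are dropped when that change fails. The function names safe_copy_mode and copy_file_preserving are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Mode for the copy: strip setuid/setgid unless the source owner was preserved. */
mode_t safe_copy_mode(mode_t src_mode, int owner_preserved)
{
    mode_t mode = src_mode & 07777;          /* permission bits only */
    if (!owner_preserved)
        mode &= ~(mode_t)(S_ISUID | S_ISGID);
    return mode;
}

/* Copy src to dst the way a cross-filesystem move must; returns 0 on success. */
int copy_file_preserving(const char *src, const char *dst)
{
    struct stat st;
    char buf[65536];
    ssize_t n = 0;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    if (fstat(in, &st) < 0) { close(in); return -1; }
    /* Create with owner-only access; the real mode is applied last. */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (out < 0) { close(in); return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { n = -1; break; } /* short write = error */
    int rc = (n < 0) ? -1 : 0;
    if (rc == 0) {
        /* Ownership first: a failed fchown (EPERM for a non-root caller) decides the mode. */
        int owner_ok = fchown(out, st.st_uid, st.st_gid) == 0;
        rc = fchmod(out, safe_copy_mode(st.st_mode, owner_ok));
    }
    close(in);
    if (close(out) < 0) rc = -1;
    if (rc != 0) unlink(dst);                /* never leave a partial copy behind */
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) return 2;
    return copy_file_preserving(argv[1], argv[2]) == 0 ? 0 : 1;
}
```

Run as 'nelson' on the hola.txt from the testcase, the fchown to 'pedro' fails, so the copy ends up with mode 0644 rather than 4644.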
