According to Brian K. White on 4/12/2006 5:33 PM:
>
> Skipping all the blind alleys I chased down, the end result was that
> chown now clears the suid bit from files it acts upon.
>
> As the man page doesn't mention this, and it's certainly new behaviour,
> and certainly deviant from every other unix,
> I submit that it should not do this.

Thanks for the report. However, the behavior you described is required by
POSIX, http://www.opengroup.org/onlinepubs/009695399/utilities/chown.html:

"Unless chown is invoked by a process with appropriate privileges, the
set-user-ID and set-group-ID bits of a regular file shall be cleared upon
successful completion; the set-user-ID and set-group-ID bits of other file
types may be cleared."

coreutils respects the semantics of the underlying kernel chown(2) call to
determine whether the process has appropriate privileges. Furthermore,
this behavior closes a potential security hole where someone could gain
system privileges by chown'ing a suid executable.

And while it is true that the behavior of 5.94 is slightly different than
that of the last stable release (5.2.1), this was documented in the NEWS
file for the intermediate 5.3.0:

  Several fixes to chgrp and chown for compatibility with POSIX and BSD:

    Do not optimize away the chown() system call when the file's owner
    and group already have the desired value. This optimization was
    incorrect, as it failed to update the last-changed time and reset
    special permission bits, as POSIX requires.

-- 
Life is short - so eat dessert first!

Eric Blake [EMAIL PROTECTED]

_______________________________________________
Bug-coreutils mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-coreutils
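
The case named in the NEWS entry above, as an added example that is not part of the original message or of coreutils: a chown(2) call that leaves owner and group unchanged still resets the special permission bits and the last-changed time. The function name and the 0o6755 test mode are assumptions, and the result shown assumes a Linux kernel, which clears the bits on non-directories.

```python
import os
import stat
import tempfile
import time

SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID


def chown_noop_effect(directory=None):
    """Mark a scratch file setuid/setgid, chown it to the owner and group
    it already has, and report what the call changed anyway."""
    fd, path = tempfile.mkstemp(dir=directory)
    os.close(fd)
    try:
        # chmod may silently drop setgid if the caller is not in the
        # file's group; setuid on a file we own is always settable.
        os.chmod(path, 0o6755)
        before = os.stat(path)
        time.sleep(0.05)  # let the filesystem clock tick past the chmod
        # Ownership is not changed here. This is the call the old
        # optimization skipped, leaving the special bits in place.
        os.chown(path, before.st_uid, before.st_gid)
        after = os.stat(path)
    finally:
        os.unlink(path)
    mode_before = stat.S_IMODE(before.st_mode)
    mode_after = stat.S_IMODE(after.st_mode)
    return {
        "mode_before": mode_before,
        "mode_after": mode_after,
        "special_bits_cleared": (mode_after & SPECIAL_BITS) == 0,
        "ctime_updated": after.st_ctime_ns > before.st_ctime_ns,
    }


if __name__ == "__main__":
    result = chown_noop_effect()
    print("mode before chown: %04o" % result["mode_before"])
    print("mode after chown:  %04o" % result["mode_after"])
    print("special bits cleared:", result["special_bits_cleared"])
    print("ctime updated:", result["ctime_updated"])
```

Scripts that install setuid or setgid programs should therefore run chown first and chmod second, then confirm the final mode.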
