Hi,
in minixfs the suid bit is not removed when a file is written to by an ordinary
user. I took the code in question from ext2.
Regards
Oliver Neukum
--- linux/fs/minix/file.c.alt Wed Dec 15 18:08:55 1999
+++ linux/fs/minix/file.c Wed Dec 15 18:25:42 1999
@@ -26,14 +26,36 @@
#include <linux/fs.h>
#include <linux/minix_fs.h>
+static inline void remove_suid(struct inode *inode)
+{
+ unsigned int mode;
+
+ /* set S_IGID if S_IXGRP is set, and always set S_ISUID */
+ mode = (inode->i_mode & S_IXGRP)*(S_ISGID/S_IXGRP) | S_ISUID;
+
+ /* was any of the uid bits set? */
+ mode &= inode->i_mode;
+ if (mode && !capable(CAP_FSETID))
+ inode->i_mode &= ~mode;
+}
+
/*
* Write to a file (through the page cache).
*/
static ssize_t
minix_file_write(struct file *file, const char *buf, size_t count, loff_t *ppos)
{
- return generic_file_write(file, buf, count,
+ ssize_t retval;
+
+ retval = generic_file_write(file, buf, count,
ppos, block_write_partial_page);
+ if (retval > 0) {
+ struct inode *inode = file->f_dentry->d_inode;
+ remove_suid(inode);
+ inode->i_ctime = inode->i_mtime = CURRENT_TIME;
+ mark_inode_dirty(inode);
+ }
+ return retval;
}
/*
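Review bot: In `minix_file_write` the call to `remove_suid(inode)` runs only after `generic_file_write` has returned, so the new contents are already in the page cache while the inode still carries S_ISUID/S_ISGID, and the privilege bits stay in effect for that interval. Clearing the bits before the data is copied closes the window; the mode change then has to be marked dirty even when the write itself fails, as sketched below. Whether a lock taken by the caller already serializes this against other users of the inode is not visible in the hunk, so treat the ordering as a hardening suggestion to confirm. Separately, the comment in `remove_suid` says `S_IGID` where `S_ISGID` is meant.

```c
static ssize_t
minix_file_write(struct file *file, const char *buf, size_t count, loff_t *ppos)
{
	struct inode *inode = file->f_dentry->d_inode;
	unsigned int old_mode = inode->i_mode;
	ssize_t retval;

	/* drop setuid/setgid before any new data reaches the page cache */
	remove_suid(inode);
	retval = generic_file_write(file, buf, count,
				ppos, block_write_partial_page);
	if (retval > 0)
		inode->i_ctime = inode->i_mtime = CURRENT_TIME;
	/* record the mode change even when the write itself failed */
	if (retval > 0 || inode->i_mode != old_mode)
		mark_inode_dirty(inode);
	return retval;
}
```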