Re: odd chown difference between 2.0 and 2.1pre kernels

Miquel van Smoorenburg (miquels@cistron.nl)
11 Jan 1999 17:51:54 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alexandre Hautequest: "Re: trouble burning _audio_ CDs"
Previous message: Alan Cox: "Re: Article: IBM wants to "clean up the license" of Linux"
In reply to: Soeren Todt: "who beats you to release 2.2.0 so early?"

In article <cistron.199901110125.UAA24076@rushlight.kf8nh.apk.net>,
Brandon S. Allbery KF8NH <allbery@kf8nh.apk.net> wrote:
>In message <19990109215152.C32046@kitenet.net>, Joey Hess writes:
>+-----
>| On a 2.1pre4 machine:
>| root@kite:~>ls -l foo
>| -rwsrw-r-- 1 root joey 0 Jan 9 17:13 foo*
>| root@kite:~> chown root.root foo; ls -l foo
>| -rwsrw-r-- 1 root root 0 Jan 9 17:13 foo*
>+--->8
>
>GAK!!! Security flaw here, methinks. chown should unconditionally clear
>setuid and setgid.

Not unconditionally. It should only happen on regular files and not
directories. Now 2.0.x and 2.1.x cleared the setuid/setgid bit on
directories too, and that got fixed. However it looks like it
got fixed a bit too much :/

Mike.

-- Indifference will certainly be the downfall of mankind, but who cares?

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexandre Hautequest: "Re: trouble burning _audio_ CDs"
Previous message: Alan Cox: "Re: Article: IBM wants to "clean up the license" of Linux"
In reply to: Soeren Todt: "who beats you to release 2.2.0 so early?"