Re: odd chown difference between 2.0 and 2.1pre kernels

Raul Miller (rdm@test.legislate.com)
Tue, 12 Jan 1999 07:49:41 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: 2.2.0p7: fix to ioperm() ranges also needed"
Previous message: Aaron Denney: "[PATCH] NFS client handling of FIFOs."
In reply to: Alan Cox: "Re: odd chown difference between 2.0 and 2.1pre kernels"
Next in thread: Alan Cox: "Re: [PATCH] NFS client handling of FIFOs."
Reply: Alan Cox: "Re: [PATCH] NFS client handling of FIFOs."

Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:
> > GAK!!! Security flaw here, methinks. chown should unconditionally clear
> > setuid and setgid.
>
> Except when done by root

Race condition if you can figure out what root is doing -- just setuid
between time root examines files and chown.

Alternatively, security bug if chown is used in a script written under
2.0 (which relies on the current behavior).

-- Raul

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: 2.2.0p7: fix to ioperm() ranges also needed"
Previous message: Aaron Denney: "[PATCH] NFS client handling of FIFOs."
In reply to: Alan Cox: "Re: odd chown difference between 2.0 and 2.1pre kernels"
Next in thread: Alan Cox: "Re: [PATCH] NFS client handling of FIFOs."
Reply: Alan Cox: "Re: [PATCH] NFS client handling of FIFOs."