From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
Subject: Re: clearing SUID bit on writes
Date: Tue, 1 Sep 1992 17:02:21 GMT

> From: vesseur@fwi.uva.nl (Joep JJ Vesseur)
> Date: Tue, 1 Sep 1992 09:11:47 GMT
>
> when appending to a file with S_ISUID bit set, linux keeps the
> 'bit up', while i think it's desirable that whenever anyone appends
> to such a file, the bit gets cleared. the same holds for S_ISGID
> bits. i don't know whether the behaviour of setuid files is defined
> somewhere (at least i can't find it in 'the design and implementation
> of the 4.3bsd unix operating system', i don't have docs on sysV);
> all i know is that SunOS clears the bit.

What System V does is whenever you write to a setuid file (not just when
you append to it), it clears the setuid and setgid bits. This prevents
a security hole if you have a setuid program which is group or world
writeable. I don't think anything would break if we added this behavior
to Linux. On the other hand, there's a much simpler way of avoiding the
security hole, which is to simply not create group or world writeable
setuid files.

- Ted
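
An added example, not part of the original thread: a Python audit for the condition discussed above (set-id files that are group or world writable), plus a probe that reports whether the running kernel clears the bits on write. The function names are hypothetical, and the probe's temporary file and the `/usr` scan root are assumptions.

```python
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID
LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH


def is_writable_setid(mode):
    """True for a regular file that is set-id and group- or world-writable."""
    return stat.S_ISREG(mode) and bool(mode & SETID) and bool(mode & LOOSE_WRITE)


def find_writable_setid(root):
    """Walk root and return sorted paths of writable set-id files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unreadable; skip
            if is_writable_setid(mode):
                hits.append(path)
    return sorted(hits)


def setid_bits_after_write(directory):
    """Create a setuid file, write to it, return (before, after) set-id bits.

    The result depends on the kernel and on privilege: an unprivileged
    writer on current Linux sees the bit cleared, a process holding
    CAP_FSETID (typically root) keeps it.
    """
    fd, path = tempfile.mkstemp(dir=directory)
    try:
        os.fchmod(fd, 0o4755)
        before = os.fstat(fd).st_mode & SETID
        os.write(fd, b"appended\n")
        after = os.fstat(fd).st_mode & SETID
        return before, after
    finally:
        os.close(fd)
        os.unlink(path)


if __name__ == "__main__":
    print("set-id bits before/after write:", setid_bits_after_write(tempfile.gettempdir()))
    for p in find_writable_setid("/usr"):
        print("writable set-id file:", p)
```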