From: pdhatchm@socs.uts.edu.au (Paul Hatchman)
Subject: Re: clearing SUID bit on writes
Date: 5 Sep 1992 03:57:55 GMT

tytso@ATHENA.MIT.EDU (Theodore Ts'o) writes:
>What System V does is whenever you write to a setuid file (not just when
>you append to it), it clears the setuid and setgid bits. This prevents
>a security hole if you have a setuid program which is group or world
>writeable. I don't think anything would break if we added this behavior
>to Linux. On the other hand, there's a much simpler way of avoiding the
>security hole, which is to simply not create group or world writeable
>setuid files.

I do not believe that this is the case. SunOS and the other Sys V Unixes I
have used only clear the setuid / setgid bits when the file is written to by
a user / group that does not *own* the file.

E.g. if I have a file that is world writable, I own it and it is setuid.
I can write to that file as much as I want and the permissions stay the same.
Now as soon as someone else writes to the file, the setuid bit is cleared.

I believe that this is the correct behaviour for setuid / setgid files and also
a rather sensible way to go about things.
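
A small probe for checking what a given kernel does in the owner-writes case discussed above, as an added example that is not part of the original post. The function name `probe_suid_after_write` and the scratch path under `/tmp` are assumptions made for illustration; the non-owner case needs a second account and is not covered here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from the post): create a file owned by the
 * caller, mark it setuid, write to it as the owner, and report the mode
 * bits before and after the write. Returns 0 on success, -1 on error. */
int probe_suid_after_write(mode_t *before, mode_t *after)
{
    char path[] = "/tmp/suidprobeXXXXXX";   /* constructed scratch path */
    struct stat st;
    int rc = -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;

    /* The file holds no code; the bit is set only so it can be observed. */
    if (fchmod(fd, S_ISUID | 0755) != 0 || fstat(fd, &st) != 0)
        goto out;
    *before = st.st_mode & 07777;
    if (!(*before & S_ISUID))               /* bit did not stick: give up */
        goto out;

    /* Write as the owner, then re-read the mode from the same descriptor. */
    if (write(fd, "x", 1) != 1 || fstat(fd, &st) != 0)
        goto out;
    *after = st.st_mode & 07777;
    rc = 0;
out:
    close(fd);
    unlink(path);                           /* never leave the file behind */
    return rc;
}

int main(void)
{
    mode_t before, after;
    if (probe_suid_after_write(&before, &after) != 0) {
        perror("probe_suid_after_write");
        return 1;
    }
    printf("euid=%ld before=%04o after=%04o setuid %s\n",
           (long)geteuid(), (unsigned)before, (unsigned)after,
           (after & S_ISUID) ? "kept" : "cleared");
    return 0;
}
```

The result depends on the kernel and on the privileges of the calling process, so compare runs from an unprivileged account and from root.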