Re: chgrp resets the setuid and getgid bits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ben Stringer kirjoitti viestissään (lähetysaika tiistai, 25. 
heinäkuuta 2006 12:44):
> I observed this today on an RHEL4 system, and it applies to
> Fedora also. I don't understand why this occurs - is it a
> security feature?

It behaves as defined in the Single Unix Specification: 
http://www.opengroup.org/onlinepubs/009695399/utilities/chgrp.html
"Unless chgrp is invoked by a process with appropriate 
privileges, the set-user-ID and set-group-ID bits of a regular 
file shall be cleared upon successful completion; the 
set-user-ID and set-group-ID bits of other file types may be 
cleared."
The reason is explained in the documentation of the chown() 
system call: 
http://www.opengroup.org/onlinepubs/009695399/functions/chown.html
"The POSIX.1-1990 standard requires that the chown() function 
invoked by a non-appropriate privileged process clear the 
S_ISGID and the S_ISUID bits for regular files, and permits them 
to be cleared for other types of files. This is so that changes 
in accessibility do not accidentally cause files to become 
security holes."

-- 
 Markku Kolkka
 markku.kolkka@xxxxxx

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux