On Thu, Apr 28, 2022 at 5:12 AM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > On Thu, Apr 28, 2022 at 02:49:11AM +0000, Al Viro wrote: > > Let's try to separate the issues here. Jann, could you explain what makes > > empty sgid files dangerous? > > Found the original thread in old mailbox, and the method of avoiding the > SGID removal on modification is usable. Which answers the question above... As context for everyone on the thread who isn't on security@, you can see a public copy of the bug report here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1611 and also here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1779923 And the kernel patch in question is this one: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
