Bugtraq mailing list archives

Re: FD/overwriting suid files


From: grs () claircom com (Gregg Siegfried)
Date: Mon, 13 Feb 95 16:45 PST



I always have thought that any good OS will reset any suid/sgid bits on a file
write.  Such is the case for the Solaris 2.4 machine I tested this on.  I think
any OS that doesn't do this has some deep design flaws.

I've been back and forth on this with Sun.  That the setuid and setgid
bits are reset on *any* write, I consider a bug.  I agree that the setuid
bit must be reset if the process that is doing the writing has a uid/euid
different from the owner of the file, and that the setgid must be reset
if the writing process is not a member of the group of the file.

Sun apparently agrees with your interpretation.

I take issue with your "deep design flaws" comment, however.  Although
obviously a major security flaw, I'm not sure I'd categorize such a defect
in such strong language.  In fact, while I do not have my Lions book to
verify it, I will hypothesize that the version you refer to in your signature
exhibited the behaviour you condemn.

I will give you that, in this decade, this type of defect may very well be
indicative of the "deep design flaws" you refer to.

Gregg Siegfried
grs () claircom com


Nathan Lawson   | "One of the advantages of using UNIX to teach an operating
CSL 490 Admin   |  systems course is the sources and documentation will easily
756-7180 @Work  |  fit into a students briefcase."  -- John Lions (1976)
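The two positions in the thread (strip setuid/setgid on any write, versus strip them only when the writer is not the owner or not in the file's group) can be made concrete. The following is an added example, not code from either poster or from Sun; the function names, the uid/gid numbers and the modelling of the two rules are the example's own assumptions. The probe helper reports what the running kernel actually does to an owner-written file so an administrator can check their own system rather than argue from memory.

```python
import os
import stat
import tempfile

SUID_SGID = stat.S_ISUID | stat.S_ISGID


def bits_to_clear(mode, file_uid, file_gid, writer_euid, writer_groups,
                  reset_on_any_write=False):
    """Return the setuid/setgid bits that should be cleared after a write.

    reset_on_any_write=True models the behaviour reported for Solaris 2.4 in
    the thread: any write strips both bits.  False models the narrower rule
    argued for in the reply: clear setuid only when the writer's euid differs
    from the file owner, and clear setgid only when the writer is not a member
    of the file's group.  Both models are this example's reading of the text.
    """
    present = mode & SUID_SGID
    if reset_on_any_write:
        return present
    clear = 0
    if (mode & stat.S_ISUID) and writer_euid != file_uid:
        clear |= stat.S_ISUID
    if (mode & stat.S_ISGID) and file_gid not in writer_groups:
        clear |= stat.S_ISGID
    return clear


def probe_running_os():
    """Check what the kernel does to the bits on an owner write.

    Creates a temporary file owned by the caller, sets both bits, appends one
    byte, and returns (bits_before, bits_after).  bits_after == bits_before
    means the kernel left the bits alone for an owner write (on Linux this is
    what a caller holding CAP_FSETID, e.g. root, will see); bits_after == 0
    means it strips them on any write.  The result is reported, not asserted,
    because it depends on the kernel and on the caller's privileges.
    """
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
    try:
        os.chmod(path, 0o755 | SUID_SGID)
        before = os.stat(path).st_mode & SUID_SGID
        with open(path, "ab") as f:
            f.write(b"x")
        after = os.stat(path).st_mode & SUID_SGID
    finally:
        os.unlink(path)
    return before, after


if __name__ == "__main__":
    # Constructed scenario: file owned by uid 1000 / gid 1000, mode 6755.
    mode = 0o755 | SUID_SGID
    print("owner writing, narrow rule ->",
          oct(bits_to_clear(mode, 1000, 1000, 1000, {1000})))
    print("other user writing, narrow rule ->",
          oct(bits_to_clear(mode, 1000, 1000, 1001, {1001})))
    print("owner writing, reset-on-any-write ->",
          oct(bits_to_clear(mode, 1000, 1000, 1000, {1000}, True)))
    before, after = probe_running_os()
    print("this kernel, owner write: before=%s after=%s" % (oct(before), oct(after)))
```

Run it as an unprivileged user and as root to see the difference the reply is drawing: under the narrow rule the owner's own write leaves the bits in place, while the reset-on-any-write rule strips them regardless of who wrote.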


