Bugtraq mailing list archives
Re: FD/overwriting suid files
From: grs () claircom com (Gregg Siegfried)
Date: Mon, 13 Feb 95 16:45 PST
I always have thought that any good OS will reset any suid/sgid bits on a file write. Such is the case for the Solaris 2.4 machine I tested this on. I think any OS that doesn't do this has some deep design flaws.
I've been back and forth on this with Sun. That the setuid and setgid bits are reset on *any* write, I consider a bug. I agree that the setuid bit must be reset if the process that is doing the writing has a uid/euid different from the owner of the file, and that the setgid must be reset if the writing process is not a member of the group of the file. Sun apparently agrees with your interpretation.
I take issue with your "deep design flaws" comment, however. Although obviously a major security flaw, I'm not sure I'd categorize such a defect in such strong language. In fact, while I do not have my Lions book to verify it, I will hypothesize that the version you refer to in your signature exhibited the behaviour you condemn. I will give you that, in this decade, this type of defect may very well be indicative of the "deep design flaws" you refer to.
Gregg Siegfried
grs () claircom com
Nathan Lawson | "One of the advantages of using UNIX to teach an operating
CSL 490 Admin | systems course is the sources and documentation will easily
756-7180 @Work | fit into a students briefcase." -- John Lions (1976)
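A probe for the behaviour debated in this message, added here as an example and not part of the original post: it sets the setuid or setgid bit on a scratch file owned by the caller, writes one byte through the descriptor, and reports whether the bit survived. The function name bits_after_write and the /tmp scratch path are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: set `special` (S_ISUID or S_ISGID) on a fresh file
 * owned by the caller, write to it, and return the special bits that are
 * still set afterwards (0 if the kernel cleared them), or -1 on error. */
int bits_after_write(mode_t special)
{
    char path[] = "/tmp/suidprobe.XXXXXX";   /* constructed scratch path */
    struct stat st;
    int result = -1;

    int fd = mkstemp(path);                  /* created 0600, owned by us */
    if (fd < 0)
        return -1;

    /* 0755 base mode: with group-execute set, S_ISGID means setgid rather
     * than mandatory locking. Confirm the bit was really set before the
     * write, since some systems silently drop it in chmod. */
    if (fchmod(fd, 0755 | special) == 0 &&
        fstat(fd, &st) == 0 &&
        (st.st_mode & special) == special &&
        write(fd, "x", 1) == 1 &&
        fstat(fd, &st) == 0)
        result = (int)(st.st_mode & (S_ISUID | S_ISGID));

    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    int u = bits_after_write(S_ISUID);
    int g = bits_after_write(S_ISGID);
    if (u < 0 || g < 0) {
        fprintf(stderr, "probe failed (could not create file or set bit)\n");
        return EXIT_FAILURE;
    }
    printf("euid=%ld: setuid %s, setgid %s after owner write\n",
           (long)geteuid(),
           (u & S_ISUID) ? "KEPT" : "cleared",
           (g & S_ISGID) ? "KEPT" : "cleared");
    return EXIT_SUCCESS;
}
```

On Linux an unprivileged owner sees both bits cleared, while a writer holding CAP_FSETID (normally root) sees them kept, so run the probe under the account whose writes you care about.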