Subject: Re: clearing suid/sgid bits upon ownership change
To: None <current-users@NetBSD.ORG>
From: None <tooleym@Douglas.BC.CA>
List: current-users
Date: 12/10/1997 12:08:15
On Wed, 10 Dec 1997, Jim Wise wrote:
> Date: Wed, 10 Dec 1997 11:58:44 -0500 (EST)
> From: Jim Wise <jimw@numenor.turner.com>
> To: Rob Windsor <windsor@warthog.com>
> Cc: tech-kern@NetBSD.ORG, current-users@NetBSD.ORG
> Subject: Re: clearing suid/sgid bits upon ownership change
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Tue, 9 Dec 1997, Rob Windsor wrote:
>
> > securelevel >1. I can't stand this behavior. No other modern un*x in the
> > world does this insane crap. I just love `surprises' like this in NetBSD --
> > not.
>
> - From the XSI5 (Unix 98) Standard:
>
> If the path argument refers to a regular file, the set-user-ID
> (S_ISUID) and set-group-ID (S_ISGID) bits of the file mode are
> cleared upon successful return from chown(), unless the call is
> made by a process with appropriate privileges, in which case it
> is implementation-dependent whether these bits are altered.
>
> It is also not true that ` No other modern un*x in the world does this':
>
> Solaris 2.6:
[example deleted]
> Irix 6.2
[example deleted]
> So, this feature may or may not be a good idea, (I like it myself), but
> it _is_ standard, and it _is_ widely implemented.
Would this be another paranoia security feature as part of the file
system or perhaps kernel specs? I think I prefer this sort of behaviour--I
think once certain suid programs are set up, I don't want them changing
groups and still having the same supernatural powers. Once I set root's
group, there's little chance of me changing everything.
It makes sense in a way, at least to me, and the behaviour is expected
--removing it could open up a slew of problems. We've had the behaviour
for a while now, people and programs expect it. If we change it, we'd have
to ensure that all references to chgrp or guids are reprogrammed.
I think buddy just spoke a little hastily--in anger, perhaps after trying
to reconfigure his group/passwd/etc.