Subject: overwriting and copying keeps original setuid bit
To: None <tech-security@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 05/11/2007 15:07:55

I noticed that overwriting a setuid file with a non-setuid file keeps the 
original setuid bit.

I noticed this on an old version of NetBSD-current when I installed my 
smtp outbound mail relay that is setgid (not setuid).

And reproduced on NetBSD 3.1:

ca# echo hello > abc     
ca# echo something else > def
ca# chown reed def            
ca# chown root abc            
ca# chmod 4755 abc            
ca# ls -l abc def             
-rwsr-xr-x  1 root  reed   6 May 11 12:57 abc
-rw-r--r--  1 reed  reed  15 May 11 12:57 def
ca# cp def abc                
ca# ls -l abc def  
-rwsr-xr-x  1 root  reed  15 May 11 12:58 abc
-rw-r--r--  1 reed  reed  15 May 11 12:57 def

Even copying it saves the setuid:

ca# cp abc ghi
ca# ls -l ghi        
-rwsr-xr-x  1 root  reed  15 May 11 12:58 ghi


Now as non-root:

The following as non-root loses the setuid bit if overwritten -- but keeps 
it when copying:

ca:/home/reed/tmp$ echo Hello > ABC
ca:/home/reed/tmp$ echo Goodbye > DEF
ca:/home/reed/tmp$ chmod 4755 ABC
ca:/home/reed/tmp$ ls -l ABC DEF
-rwsr-xr-x  1 reed  reed  6 May 11 13:00 ABC
-rw-r--r--  1 reed  reed  8 May 11 13:00 DEF
ca:/home/reed/tmp$ cp DEF ABC
ca:/home/reed/tmp$ ls -l ABC DEF 
-rwxr-xr-x  1 reed  reed  8 May 11 13:01 ABC
-rw-r--r--  1 reed  reed  8 May 11 13:00 DEF
ca:/home/reed/tmp$ chmod 4755 ABC 
ca:/home/reed/tmp$ cp ABC GHI
ca:/home/reed/tmp$ ls -l ABC GHI  
-rwsr-xr-x  1 reed  reed  8 May 11 13:01 ABC
-rwsr-xr-x  1 reed  reed  8 May 11 13:01 GHI

Keeping a previous file's setuid (or setgid) is wrong.

On many systems, copying a setuid file loses the mode. Losing the mode is 
normal.


  Jeremy C. Reed
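
An added example, not part of the original post: an install step that does not depend on how cp treats the destination's existing mode bits, because it writes a new file with an explicit mode and renames it over the target. The helper names has_setid and replace_file are hypothetical, and the demo input is constructed to mirror the abc/def session above.

```shell
#!/bin/sh
# Added example; has_setid and replace_file are hypothetical helper names.

# Succeeds if the path carries a setuid or setgid bit (POSIX find primaries only).
has_setid() {
    [ -n "$(find "$1" -prune \( -perm -4000 -o -perm -2000 \) -print)" ]
}

# replace_file SRC DST [MODE]
# Install SRC's contents at DST as a new inode with an explicit mode, so
# no mode bits are inherited from whatever DST was before.
replace_file() {
    src=$1 dst=$2 mode=${3:-0644}
    tmp=$(mktemp "$dst.XXXXXX") || return 1   # created 0600, next to DST
    if cat "$src" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Constructed demo in a scratch directory: abc starts out mode 4755 and is
# then replaced by def's contents. Returns 0 if the setuid bit is gone.
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/setid.XXXXXX") || return 1
    echo hello > "$d/abc"
    echo "something else" > "$d/def"
    chmod 4755 "$d/abc"
    ls -l "$d/abc"
    replace_file "$d/def" "$d/abc" 0644
    ls -l "$d/abc"
    if has_setid "$d/abc"; then rc=1; else rc=0; fi
    rm -rf "$d"
    return "$rc"
}
```

The replaced file is a new inode owned by the caller, so the previous owner and group of the destination are not kept either.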