[306] in linux-security and linux-alert archive
write does not clear suids bit
daemon@ATHENA.MIT.EDU (Aleph One)
Thu Aug 3 00:23:35 1995
Date: Wed, 2 Aug 1995 19:32:46 -0500 (CDT)
From: Aleph One <aleph1@dfw.net>
To: linux-kernel@vger.rutgers.edu
Cc: linux-security@tarsier.cv.nrao.edu
Hello everyone. It has come to my attention that write(2) does not clear
the suid nor sgid bit on files when the one doing the write is not root,
although the following code appears in fs/read_write.c in the sys_write
function:
	/*
	 * If data has been written to the file, remove the setuid and
	 * the setgid bits
	 */
	if (written > 0 && !suser() && (inode->i_mode & (S_ISUID | S_ISGID))) {
		struct iattr newattrs;
		newattrs.ia_mode = inode->i_mode & ~(S_ISUID | S_ISGID);
		newattrs.ia_valid = ATTR_MODE;
		notify_change(inode, &newattrs);
	}
	return written;
I won't be in town for a few days, nor do I believe I have the knowledge to fix
it. If someone can look into it, great!
Aleph One / aleph1@dfw.net
http://underground.org/
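A userspace regression check for the behaviour described above, added here as an example and not part of the original post or of the kernel source: it creates a temporary file the caller owns, sets S_ISUID on it, writes to it as an unprivileged user, and reports whether the kernel dropped the bit. The directory argument and the sample data are assumptions; on a kernel that enforces the quoted rule, a non-root run returns 1.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Returns 1 if write(2) cleared S_ISUID on a file we own,
 *         0 if the setuid bit survived the write (the behaviour reported above),
 *        -1 if the check itself could not be set up (create/chmod/write failed).
 */
int write_clears_suid(const char *dir)
{
    char path[4096];
    struct stat st;
    const char data[] = "constructed sample data\n"; /* any bytes will do */

    /* Temporary file, mode 0600, owned by the calling user. */
    snprintf(path, sizeof path, "%s/suidwrite.XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path); /* the descriptor keeps the inode alive; nothing is left behind */

    /* Mark the file setuid and confirm the bit really took. */
    if (fchmod(fd, S_ISUID | S_IRWXU) != 0 || fstat(fd, &st) != 0 ||
        !(st.st_mode & S_ISUID)) {
        close(fd);
        return -1;
    }

    /* The write that the quoted sys_write code is supposed to react to. */
    if (write(fd, data, sizeof data - 1) != (ssize_t)(sizeof data - 1) ||
        fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }
    close(fd);

    return (st.st_mode & S_ISUID) ? 0 : 1;
}

int main(void)
{
    int r = write_clears_suid("/tmp");
    if (r < 0)
        printf("could not run the check\n");
    else
        printf("write(2) %s S_ISUID (euid %u)\n",
               r ? "cleared" : "did NOT clear", (unsigned)geteuid());
    return r == 1 ? 0 : 1;
}
```

Run it as an ordinary user; as root the kernel deliberately leaves the bit alone, so a 0 result from a root shell is not the bug.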