[986] in bugtraq
Re: FD/overwriting suid files
daemon@ATHENA.MIT.EDU (Oliver Friedrichs)
Tue Feb 14 01:27:48 1995
Date: Mon, 13 Feb 1995 23:29:06 -0600 (CST)
From: Oliver Friedrichs <iceman@MBnet.MB.CA>
To: Nathan Lawson <nlawson@statler.csc.calpoly.edu>
Cc: bugtraq@fc.net
In-Reply-To: <9502132026.AA10550@statler.CSC.CalPoly.Edu>
On Mon, 13 Feb 1995, Nathan Lawson wrote:
> I always have thought that any good OS will reset any suid/sgid bits on a file
> write. Such is the case for the Solaris 2.4 machine I tested this on. I think
> any OS that doesn't do this has some deep design flaws.
This isn't the case for the superuser.
# touch s
# chmod 4755 s
# ls -l s
-rwsr-xr-x 1 root other 0 Feb 13 23:27 s
# cp /bin/sh s
# ls -l s
-rwsr-xr-x 1 root other 85924 Feb 13 23:27 s
#
It also doesn't apply to the superuser writing to setuid files owned by
anyone else. This is rightly so, since root could do whatever it wanted
anyways.
- Oliver
