SuSe 10.1 and filePro 5.0.14D4
Nancy Palmquist
nlp at vss3.com
Tue Jul 18 09:58:23 PDT 2006
Kenneth Brody wrote:
> Quoting Nancy Palmquist (Tue, 18 Jul 2006 12:29:38 -0400):
>
>
>>Guys,
>>
>>I got another anomoly. The setperms program will not set the suid bit.
>>(I think I got the name right for that.)
>>
>>So I get:
>>
>>-rwxr-xr-x for dclerk, rclerk, etc. when it should be
>>-rwsr-xr-x
>
> [...]
>
>>The installed version has the following two lines:
>>
>>chmod $mode $file
>>chown $owner $file
>>
>>If I exchange them, it seems to work correctly.
>>
>>chown $owner $file
>>chmod $mode $file
>>
>>If the owner is changed from the command line, the suid bit is removed.
>> Can anyone else verify this behavior?
>>
>>This makes no sense to me. Anyone have any input on this sillyness?
>
>
> The script has been fixed since the 5.0.14 release. (Can someone
> please verify that the latest 5.6 has the fix in it?)
>
> The problem is that chown will reset the setuid bit. This is for
> security reasons, to prevent the setuid bit from applying to the
> new uid, and is probably documented on the chown man page.
>
> As I recall, a non-root user used to be able to chown a file that
> he owned to another uid. Ignoring the disk quota implications,
> imagine creating an executable, setting the setuid bit, and then
> chowning it to root. I believe that this "feature" of chown is
> disallowed nowadays as well.
>
> --
> KenBrody at BestWeb dot net spamtrap: <g8ymh8uf001 at sneakemail.com>
> http://www.hvcomputer.com
> http://www.fileProPlus.com
>
>
It seemed like a security feature, I looked at the --help for chown with
not info about his. If I list the info for chown I do see a mention
about this "feature". Seems like a good idea.
I would check it but I did not install any *nix verions of 5.6 yet.
Nancy
--
Nancy Palmquist MOS & filePro Training Available
Virtual Software Systems Web Based Training and Consulting
PHONE: (412) 835-9417 Web site: http://www.vss3.com
More information about the Filepro-list
mailing list