Re: chown clears suid bit!

[Brian K. White]

Well that does explain why it didn't matter whether I used a shells built-in 
chown like ksh93, or /bin/chown it always acted the same.

Your explanations do make sense but it sure was a surprise is all. I wasn't 
bs'ing when I said the same script has been unchanged for years, and worked 
on several platforms, including linux, for years.
Perhaps the fact that it's always root that runs this, and previously (or 
still on other platforms) root was treated specially?
Maybe it's still supposed to do that and there is a kernel bug now that 
decides even root shouldn't be allowed to chown a file without clearing any 
suid?
Also there's the fact that 99% of the time the chown commands in this 
particular script end up being no-ops because the script is intended to 
correct errors, and normally all the files would already be what the script 
wants, and maybe previously in the case of a no-op it really did (what I 
think) the more sensible thing, nothing.

Anyways. As long as it's documented and can be counted on not to change (any 
more), then it's fine...
Thanks much

Brian K. White  --  address@hidden  --  http://www.aljex.com/bkw/
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro  BBx    Linux  SCO  FreeBSD    #callahans  Satriani  Filk!


----- Original Message ----- 
From: "Paul Eggert" <address@hidden>
To: "Brian K. White" <address@hidden>
Cc: <address@hidden>
Sent: Thursday, April 13, 2006 2:11 AM
Subject: Re: chown clears suid bit!


> "Brian K. White" <address@hidden> writes:
>
> > chown now clears the suid bit from files it acts upon.
>
> This tends to be a property of the kernel, not of the chown
> executable.  You can verify this by running "strace chown user file"
> on your GNU/Linux host.  In the example below, the command "chown
> eggert at" executed the chown32 system call as requested, but the
> kernel decided to clear the setuid bit.  Hence the bug (if there is
> one) is in the kernel, not in coreutils.
>
> penguin:/tmp# pwd
> /tmp
> penguin:/tmp# cp -p /usr/bin/at .
> penguin:/tmp# ls -l at
> -rwsr-xr-x  1 root root 34488 Jan 18  2002 at
> penguin:/tmp# strace -o tr chown eggert at
> penguin:/tmp# tail tr
> munmap(0x40018000, 1130)                = 0
> close(3)                                = 0
> lstat64("at", {st_mode=S_IFREG|S_ISUID|0755, st_size=34488, ...}) = 0
> open(".", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_LARGEFILE|O_DIRECTORY) = 3
> fchdir(3)                               = 0
> chown32("at", 1000, -1)                 = 0
> fchdir(3)                               = 0
> close(3)                                = 0
> close(1)                                = 0
> exit_group(0)                           = ?
> penguin:/tmp# ls -l at
> -rwxr-xr-x  1 eggert root 34488 Jan 18  2002 at