[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#52481: chown of coreutils may delete the suid of file
From: |
Kamil Dudka |
Subject: |
bug#52481: chown of coreutils may delete the suid of file |
Date: |
Tue, 14 Dec 2021 16:33:00 +0100 |
On Tuesday, December 14, 2021 3:49:37 AM CET 21625039 wrote:
> I encountered a problem with chown on my fedora34 as the version of
> coreutils is 8.32.
>
>
>
> The reproduce process could see the steps blow:
>
> [root@fedora ~]# ll test.txt
>
> -rw-r--r--. 1 root root 0 Dec 13 21:13 test.txt
>
> [root@fedora ~]# chmod 4750 test.txt
>
> [root@fedora ~]# ll test.txt
>
> -rwsr-x---. 1 root root 0 Dec 13 21:13 test.txt
>
> [root@fedora ~]# chown root:root test.txt
>
> [root@fedora ~]# ll test.txt
>
> -rwxr-x---. 1 root root 0 Dec 13 21:13 test.txt
I believe this is already documented [1]:
"The chown command sometimes clears the set-user-ID or set-group-ID
permission bits. This behavior depends on the policy and functionality
of the underlying chown system call, which may make system-dependent
file mode modifications outside the control of the chown command."
Kamil
[1]
https://www.gnu.org/software/coreutils/manual/html_node/chown-invocation.html
> [root@fedora ~]# rpm -qa coreutils
>
> coreutils-8.32-19.fc34.x86_64
>
> [root@fedora ~]# cat /etc/fedora-release
>
> Fedora release 34 (Thirty Four)
>
>
>
> Looking forward to hearing from you!
>
> Thanks.