GNU bug report logs - #8391
chmod setuid & setguid bits

Previous Next

Package: coreutils;

Reported by: Christian <chris <at> computersalat.de>

Date: Thu, 31 Mar 2011 16:48:04 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 8391 <at> debbugs.gnu.org (full text, mbox):

From: Eric Blake <eblake <at> redhat.com>
To: Christian <chris <at> computersalat.de>
Cc: 8391 <at> debbugs.gnu.org
Subject: Re: bug#8391: chmod setuid & setguid bits
Date: Thu, 31 Mar 2011 11:29:19 -0600

[Message part 1 (text/plain, inline)]
On 03/31/2011 03:01 AM, Christian wrote:
> Why can I only use symbolic modes for clearing ?
> 
> ----snip chmod(1) ---
> and you can set (but not clear) the bits with a numeric mode.
> ----snip chmod(1) ---
> 
> isn't "chmod 0755 DIR" explicit enough ?

Thanks for the report.  However, this is not a bug.  POSIX states:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/chmod.html

"For an octal integer mode operand, the file mode bits shall be set
absolutely.

"For each bit set in the octal number, the corresponding file permission
bit shown in the following table shall be set; all other file permission
bits shall be cleared. For regular files, for each bit set in the octal
number corresponding to the set-user-ID-on-execution or the
set-group-ID-on-execution, bits shown in the following table shall be
set; if these bits are not set in the octal number, they are cleared.
For other file types, it is implementation-defined whether or not
requests to set or clear the set-user-ID-on-execution or
set-group-ID-on-execution bits are honored."

A directory is not a regular file.  Therefore, it is
implementation-defined whether the S_ISUID and S_ISGID bits are cleared,
and we have chosen to define that they are not cleared (accidentally
removing the sticky bit of a directory when you only meant to change
access permissions is a security hole).

-- 
Eric Blake   eblake <at> redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org


[signature.asc (application/pgp-signature, attachment)]
This bug report was last modified 13 years and 80 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.