From owner-freebsd-bugs Sun Aug 13 02:10:03 1995
Return-Path: bugs-owner
Received: (from majordom@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6)
    id CAA17483 for bugs-outgoing; Sun, 13 Aug 1995 02:10:03 -0700
Received: (from gnats@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6)
    id CAA17476 ; Sun, 13 Aug 1995 02:10:02 -0700
Resent-Date: Sun, 13 Aug 1995 02:10:02 -0700
Resent-Message-Id: <199508130910.CAA17476@freefall.FreeBSD.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, wosch@cs.tu-berlin.de
Received: from mail.cs.tu-berlin.de (mail.cs.tu-berlin.de [130.149.17.13])
    by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id CAA17363 for ;
    Sun, 13 Aug 1995 02:07:02 -0700
Received: from localhost.cs.tu-berlin.de ([130.149.1.128])
    by mail.cs.tu-berlin.de (8.6.12/8.6.12) with ESMTP id LAA21178 for ;
    Sun, 13 Aug 1995 11:03:29 +0200
Received: (from wosch@localhost) by localhost (8.6.9/8.6.9)
    id KAA00428; Sun, 13 Aug 1995 10:51:52 +0200
Message-Id: <199508130851.KAA00428@localhost>
Date: Sun, 13 Aug 1995 10:51:52 +0200
From: Wolfram Schneider
Reply-To: wosch@cs.tu-berlin.de
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/679: chown(2) ignores set-user-id and set-group-id bits for root
Sender: bugs-owner@freebsd.org
Precedence: bulk

>Number:         679
>Category:       kern
>Synopsis:       chown(2) ignores set-user-id and set-group-id bits for root
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 13 02:10:01 PDT 1995
>Last-Modified:
>Originator:     Wolfram Schneider
>Organization:
>Release:        FreeBSD 2.0-ALPHA i386
>Environment:
>Description:

from chown(2) manpage:

    [...]
    but the change owner capability is restricted to the super-user.
    Chown() clears the set-user-id and set-group-id bits on the file to
    prevent accidental or mischievous creation of set-user-id and
    set-group-id programs.

That's all right and should not be changed. Unfortunately chown does not
clear set-user-id and set-group-id bits if you are root.

>How-To-Repeat:

    $ touch Grunewald
    $ chmod 4777 Grunewald
    $ ls -lg Grunewald
    -rwsrwxrwx 1 wosch wheel 0 Aug 13 10:38 Grunewald
    $ su root
    $ su root
    # chown bin Grunewald
    # ls -lg Grunewald
    -rwsrwxrwx 1 bin wheel 0 Aug 13 10:38 Grunewald
       ^         ^^^

>Fix:
>Audit-Trail:
>Unformatted:
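
The How-To-Repeat steps above as a self-contained regression check. This is an added example, not part of the original report and not FreeBSD code. The function names, the /tmp scratch directory and uid 65534 as an unprivileged account are assumptions.

```c
#define _XOPEN_SOURCE 700   /* for mkstemp(), fchmod(), fchown() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Set-id bits that were set before the ownership change and are still set after it. */
mode_t setid_survivors(mode_t before, mode_t after)
{
    return before & after & (S_ISUID | S_ISGID);
}

/*
 * Create a scratch file in dir, give it `mode`, fchown() it to uid:gid and
 * return the surviving set-id bits (0 means all were cleared), or -1 on error.
 */
long chown_setid_survivors(const char *dir, mode_t mode, uid_t uid, gid_t gid)
{
    char path[1024];
    struct stat before, after;
    long result = -1;
    int fd;

    if (snprintf(path, sizeof path, "%s/setid-XXXXXX", dir) >= (int)sizeof path)
        return -1;
    if ((fd = mkstemp(path)) < 0)
        return -1;
    /* Compare against what fchmod() really stored: an unprivileged caller
     * can have S_ISGID dropped here if it is not a member of the file's group. */
    if (fchmod(fd, mode) == 0 && fstat(fd, &before) == 0 &&
        fchown(fd, uid, gid) == 0 && fstat(fd, &after) == 0)
        result = (long)setid_survivors(before.st_mode, after.st_mode);
    unlink(path);
    close(fd);
    return result;
}

int main(void)
{
    /* Assumption: uid 65534 is an unprivileged account; root hands the file
     * to it, anyone else can only re-assert their own ownership. */
    uid_t target = geteuid() == 0 ? (uid_t)65534 : geteuid();
    long left = chown_setid_survivors("/tmp", 06777, target, (gid_t)-1);
    if (left < 0) { perror("chown_setid_survivors"); return 2; }
    printf("setuid %s, setgid %s after chown\n",
           (left & S_ISUID) ? "KEPT" : "cleared", (left & S_ISGID) ? "KEPT" : "cleared");
    return left != 0;
}
```

Run it as root to exercise the case the report describes; a non-zero exit status means at least one set-id bit survived the ownership change.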