From owner-freebsd-bugs  Tue Oct 22 22:56:02 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id WAA17612
          for bugs-outgoing; Tue, 22 Oct 1996 22:56:02 -0700 (PDT)
Received: from freenet.hamilton.on.ca (main.freenet.hamilton.on.ca [199.212.94.65])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id WAA17591;
          Tue, 22 Oct 1996 22:55:57 -0700 (PDT)
Received: from james.freenet.hamilton.on.ca (james.freenet.hamilton.on.ca [199.212.94.66]) by freenet.hamilton.on.ca (8.7.5/8.7.3) with ESMTP id BAA29092; Wed, 23 Oct 1996 01:56:07 -0400 (EDT)
Received: from localhost (ac199@localhost) by james.freenet.hamilton.on.ca (8.7.5/8.7.3) with SMTP id BAA18380; Wed, 23 Oct 1996 01:57:56 -0400 (EDT)
X-Authentication-Warning: james.freenet.hamilton.on.ca: ac199 owned process doing -bs
Date: Wed, 23 Oct 1996 01:57:56 -0400 (EDT)
From: Tim Vanderhoek <hoek@freenet.hamilton.on.ca>
Reply-To: Tim Vanderhoek <hoek@freenet.hamilton.on.ca>
To: "Marc G. Fournier" <scrappy@freefall.freebsd.org>
cc: mark@linus.demon.co.uk, freebsd-bugs@freefall.freebsd.org
Subject: Re: bin/1351
In-Reply-To: <199610230418.VAA02394@freefall.freebsd.org>
Message-ID: <Pine.GSO.3.95.961023014012.17100A-100000@james.freenet.hamilton.on.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 22 Oct 1996, Marc G. Fournier wrote:

> Synopsis: security problem with mv(1)
> 
> State-Changed-From-To: open-feedback
> State-Changed-By: scrappy
> State-Changed-When: Tue Oct 22 21:16:47 PDT 1996
> State-Changed-Why: 
> 
> Anyone out there familiar with mv, and, potentially, this bug?

mv(1) itself is a kludge (IMO).  There is a discussion archived in -bugs
over bin/1375 where this comes up a couple of times.  This bug, and
probably many more, all exist in mv(1).

mv(1) is just crawling with things that aren't perfect...

If I understand the suggested fix correctly, it by itself won't fix the
problem.  My opinion is that as soon as mv(1) sees it can't retain the
[ug]id, it should scream bloody murder and ask for direction (namely, skip
this file or copy, but clear wrx bits for [gu]id).

Maybe POSIX has something to say?

My opinion is that mv(1) and cp(1) should be rewritten and merged into one
program.  I've played with this a little, and eventually might reach
something I consider satisfactory...


--
Outnumbered?  Maybe.  Outspoken?  Never!
tIM...HOEk