From wosch@mail.cs.tu-berlin.de  Sun Aug 13 02:07:04 1995
Received: from mail.cs.tu-berlin.de (mail.cs.tu-berlin.de [130.149.17.13])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id CAA17363
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 13 Aug 1995 02:07:02 -0700
Received: from localhost.cs.tu-berlin.de ([130.149.1.128]) by mail.cs.tu-berlin.de (8.6.12/8.6.12) with ESMTP id LAA21178 for <FreeBSD-gnats-submit@freebsd.org>; Sun, 13 Aug 1995 11:03:29 +0200
Received: (from wosch@localhost) by localhost (8.6.9/8.6.9) id KAA00428; Sun, 13 Aug 1995 10:51:52 +0200
Message-Id: <199508130851.KAA00428@localhost>
Date: Sun, 13 Aug 1995 10:51:52 +0200
From: Wolfram Schneider <wosch@cs.tu-berlin.de>
Reply-To: wosch@cs.tu-berlin.de
To: FreeBSD-gnats-submit@freebsd.org
Subject: chown(2) ignores set-user-id and set-group-id bits for root
X-Send-Pr-Version: 3.2

>Number:         679
>Category:       kern
>Synopsis:       chown(2) ignores set-user-id and set-group-id bits for root
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    peter
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 13 02:10:01 PDT 1995
>Closed-Date:    Thu Feb 8 10:59:23 PST 1996
>Last-Modified:  Thu Feb  8 11:05:04 PST 1996
>Originator:     Wolfram Schneider
>Release:        FreeBSD 2.0-ALPHA i386
>Organization:
>Environment:
>Description:


from chown(2) manpage:

  [...] but the change owner capability is restricted to the super-user.

  Chown() clears the set-user-id and set-group-id bits on the file to pre-
  vent accidental or mischievous creation of set-user-id and set-group-id
  programs.


That's all right and should not be changed. Unfortunately chown
does not clear set-user-id and set-group-id bits if you are root.


>How-To-Repeat:

$ touch Grunewald
$ chmod 4777 Grunewald 
$ ls -lg Grunewald 
-rwsrwxrwx  1 wosch  wheel  0 Aug 13 10:38 Grunewald

$ su root
$ su root
# chown bin Grunewald 
# ls -lg Grunewald 
-rwsrwxrwx  1 bin  wheel  0 Aug 13 10:38 Grunewald
   ^          ^^^
>Fix:

From: Wolfram Schneider <wosch@cs.tu-berlin.de>
Date: Wed, 7 Feb 1996 15:03:24 +0100
Message-Id: <199602071403.PAA15972@gundula.cs.tu-berlin.de>
To: security@FreeBSD.ORG
Subject: chown(2) patch

--- 1.1	1995/09/05 22:12:59
+++ ufs_vnops.c	1996/02/04 22:43:42
@@ -546,10 +546,24 @@
 #endif /* QUOTA */
 	if (ouid != uid || ogid != gid)
 		ip->i_flag |= IN_CHANGE;
+
+#ifdef COMPAT_CHOWN
+	/* clear suid/sgid flag for non-root files */
 	if (ouid != uid && cred->cr_uid != 0)
 		ip->i_mode &= ~ISUID;
 	if (ogid != gid && cred->cr_uid != 0)
 		ip->i_mode &= ~ISGID;
+#else
+	/* 
+	 * always clear suid/sgid flags, 
+	 * also for root like manpage claims 
+	 */
+
+	if (ouid != uid)
+		ip->i_mode &= ~ISUID;
+	if (ogid != gid)
+		ip->i_mode &= ~ISGID;
+#endif /* !COMPAT_COMPAT */
 	return (0);
 }
 
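Review bot: the comment on the COMPAT_CHOWN branch, "clear suid/sgid flag for non-root files", does not describe the test under it. "cred->cr_uid != 0" checks the credentials of the caller, not the owner of the file, so the comment should say the bits are cleared unless the caller is root. The closing "#endif /* !COMPAT_COMPAT */" should name the macro that is actually tested, COMPAT_CHOWN. Because the #else branch becomes the default, root-run chown now strips ISUID/ISGID whenever the owner or group changes; the patch should say, in the comment or wherever the option is documented, that defining COMPAT_CHOWN restores the old behaviour of keeping the bits for root. The blank line between the second block comment and "if (ouid != uid)" can be dropped.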

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: pst 
State-Changed-When: Wed Feb 7 09:15:56 PST 1996 
State-Changed-Why:  
This looks appropriate to me and is more in line with the UNIX standard. 


Responsible-Changed-From-To: freebsd-bugs->peter 
Responsible-Changed-By: pst 
Responsible-Changed-When: Wed Feb 7 09:15:56 PST 1996 
Responsible-Changed-Why:  
Peter - would you care to verify my opinion before this is changed? 
State-Changed-From-To: analyzed->closed 
State-Changed-By: pst 
State-Changed-When: Thu Feb 8 10:59:23 PST 1996 
State-Changed-Why:  
Peter and Bruce feel this change is not appropriate. 
Therefore I have fixed the documentation to match current behavior. 
>Unformatted:
