From: Stefan Nordhausen <deletethis.nordhaus@informatik.hu-berlin.de>
To: linux-kernel@vger.kernel.org
Subject: chown() not POSIX compliant in 2.2.* and 2.4.*
Date: Fri, 02 Apr 2004 15:25:38 +0200
Message-ID: <406D69D2.10306@informatik.hu-berlin.de>
[-- Attachment #1: Type: text/plain, Size: 1003 bytes --]
Hi,
I noted that chown will not always take away the SGID bit from
nondirectories. Posix says the following about it (taken from [1]):
"If the path argument refers to a regular file, the set-user-ID
(S_ISUID) and set-group-ID (S_ISGID) bits of the file mode shall be
cleared upon successful return from chown(), unless the call is made by
process with appropriate privileges [=root], in which case it is
implementation defined whether those bits are altered."
As far as I can tell the 2.6.* kernel is Posix compliant as it will
always remove both SUID and SGID. 2.2.* and 2.4.* will _only_ remove the
SGID bit if the file is group executable. This is not Posix compliant
and it is also a potential security hole (as in my case). So I suggest
the attached patch against 2.4.26rc1. It will make chown always clear
the SGID bit, just like 2.6 does.
MfG
Stefan Nordhausen
[1] http://mail-index.netbsd.org/netbsd-bugs/1997/12/10/0003.html
--
Not only does god play dice. The dice are loaded.
[-- Attachment #2: chown.diff --]
[-- Type: text/plain, Size: 581 bytes --]
diff -Naur linux-2.4.26rc1/fs/open.c linux-2.4.26rc1_/fs/open.c
--- linux-2.4.26rc1/fs/open.c 2004-04-02 14:46:26.000000000 +0200
+++ linux-2.4.26rc1_/fs/open.c 2004-04-02 15:01:21.000000000 +0200
@@ -587,8 +587,10 @@
* 19981026 David C Niemi <niemi@tux.org>
*
* Removed the fsuid check (see the comment above) -- 19990830 SD.
+ *
+ * Always remove SGID bit to comply with POSIX.
*/
- if (((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
+ if (((inode->i_mode & S_ISGID) == S_ISGID)
&& !S_ISDIR(inode->i_mode))
{
newattrs.ia_mode &= ~S_ISGID;
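Review bot: In the rewritten `if` condition, dropping the S_IXGRP test means chown() now also clears S_ISGID on regular files that have the bit set without group execute. On Linux that combination is the marker for mandatory locking rather than a set-group-ID executable, so a chown would silently switch mandatory locking off for such files. If that is the intended trade-off for POSIX conformance, the added comment line should say so explicitly and note that directories remain exempt, since "Always remove SGID bit" reads as unconditional. As a style point, `(inode->i_mode & S_ISGID) == S_ISGID` can be written as `inode->i_mode & S_ISGID` now that only one bit is tested.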