Bug#665451: marked as done (coreutils: chown/chgrp invalidly reset suid/sgid)

[Debian Bug Tracking System]

Your message dated Sat, 24 Mar 2012 18:54:31 -0400
with message-id <20120324225431.ga10...@mathom.us>
and subject line Re: Bug#665451: coreutils: chown/chgrp illegally reset 
suid/sgid
has caused the Debian Bug report #665451,
regarding coreutils: chown/chgrp invalidly reset suid/sgid
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
665451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: coreutils
Version: 8.13-3
Severity: important

Hello!
Sorry my bad English

chown/chgrp illegally reset suid/sgid. I think this is critical, as it is often 
used in [post/pre]install scripts, see Bug #664206.

globus@aspera:~/mia/tmp$ ls -l
-rwxr-xr-x 1 globus globus    12 Мар 24 17:12 testp

globus@aspera:~/mia/tmp$ chmod 2755 testp 

globus@aspera:~/mia/tmp$ ls -l
-rwxr-sr-x 1 globus globus    12 Мар 24 17:12 testp

globus@aspera:~/mia/tmp$ chown globus:tempo testp 

globus@aspera:~/mia/tmp$ ls -l testp 
-rwxr-xr-x 1 globus tempo 12 Мар 24 17:12 testp

globus@aspera:~/mia/tmp$ chmod 6755 testp 

globus@aspera:~/mia/tmp$ ls -l testp 
-rwsr-sr-x 1 globus tempo 12 Мар 24 17:12 testp

globus@aspera:~/mia/tmp$ chown globus:globus testp 

globus@aspera:~/mia/tmp$ ls -l testp 
-rwxr-xr-x 1 globus globus 12 Мар 24 17:12 testp

globus@aspera:~/mia/tmp$ chmod 7755 testp 

globus@aspera:~/mia/tmp$ ls -l testp 
-rwsr-sr-t 1 globus globus 12 Мар 24 17:12 testp

globus@aspera:~/mia/tmp$ chown globus:globus testp

globus@aspera:~/mia/tmp$ ls -l testp 
-rwxr-xr-t 1 globus globus 12 Мар 24 17:12 testp

globus@aspera:~/mia/tmp$ chmod 6755 testp 

globus@aspera:~/mia/tmp$ ls -l testp 
-rwsr-sr-x 1 globus globus 12 Мар 24 17:12 testp

globus@aspera:~/mia/tmp$ chgrp tempo testp 

globus@aspera:~/mia/tmp$ ls -l testp 
-rwxr-xr-x 1 globus tempo 12 Мар 24 17:12 testp



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages coreutils depends on:
ii  dpkg          1.16.1.2
ii  install-info  4.13a.dfsg.1-8
ii  libacl1       2.2.51-5
ii  libattr1      1:2.4.46-5
ii  libc6         2.13-27
ii  libselinux1   2.1.9-2

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

On Sat, Mar 24, 2012 at 01:46:18PM -0600, Bob Proulx wrote:

I cannot reproduce this behavior.  This chown action should produce an
error message.  By default on BSD-like systems such as Debian
GNU/Linux chown is only allowed by root.  You should be seeing this
error message:

 chown: changing ownership of `testp': Operation not permitted

No, because the chown is a noop; he's only changing the group.

The larger point that this is an OS policy is correct; chown/chgrp in coreutils aren't calling chmod themselves in this case. This is a requirement of POSIX chown(2), and thus fairly unlikely to change.

Mike Stone

--- End Message ---