GNU bug report logs - #22511
chown: add "--preserve-setuid" option


Package: coreutils; Severity: wishlist; Reported by: William Di Luigi <williamdiluigi@HIDDEN>; dated Mon, 1 Feb 2016 03:17:02 UTC; Maintainer for coreutils is bug-coreutils@HIDDEN.
Changed bug title to 'chown: add "--preserve-setuid" option' from '[request] Add "--preserve-setuid" to the chown command'. Request was from Assaf Gordon <assafgordon@HIDDEN> to control <at> debbugs.gnu.org.
Severity set to 'wishlist' from 'normal'. Request was from Assaf Gordon <assafgordon@HIDDEN> to control <at> debbugs.gnu.org.

Message received at 22511 <at> debbugs.gnu.org:


From: William Di Luigi <williamdiluigi@HIDDEN>
Date: Mon, 1 Feb 2016 10:32:43 +0100
Subject: Re: bug#22511: [request] Add "--preserve-setuid" to the chown command
To: Erik Auerswald <auerswal@HIDDEN>

On Mon, Feb 1, 2016 at 9:20 AM, Erik Auerswald
<auerswal@HIDDEN> wrote:
> How about using "install" to install files, setting owner and mode bits
> in one go?

Mmm I guess it's just that, since I'm packaging an already existing
software, I'd like to patch it as little as possible. In fact, the
Makefile for this software already sets the setuid bit on the file
that needs it. I only need to change the group of that file (and thus
I need to run the chown command on it). However, since chown removes
the setuid bit, I have to "add it back" in the packaging script.

It doesn't make much of a difference, since I can just do chown and
chmod (as I currently do). However, if the proposed flag is
implemented, I can avoid "adding back" the setuid bit and thus I can
simplify the packaging script (well, not by much, I would remove just
2 lines: the chmod line and the bash comment explaining why the chmod
is there).

--
William




Information forwarded to bug-coreutils@HIDDEN:
bug#22511; Package coreutils.
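
The chown-then-chmod workaround described in the message above, next to the "install" alternative it replies to, as an added shell example that is not part of any message in this thread or of coreutils. All function names and the sample file are assumptions; GNU coreutils on Linux is assumed.

```shell
#!/bin/sh
# Added illustration; all function names are hypothetical.
# Assumes GNU coreutils (stat -c, install) on Linux.

# Print the octal mode of a file, including setuid/setgid/sticky bits.
mode_of() { stat -c '%a' "$1"; }

# Change the group of FILE, then restore the mode it had before, since
# chown/chgrp may clear the setuid and setgid bits.
# Usage: chgrp_keep_mode GROUP FILE
chgrp_keep_mode() {
    grp=$1 file=$2
    # Only handle regular files: chmod follows symlinks, so restoring a
    # setuid mode through a link would apply it to the link's target.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "chgrp_keep_mode: $file: not a regular file" >&2
        return 1
    fi
    before=$(mode_of "$file") || return 1
    chgrp -- "$grp" "$file" || return 1
    chmod -- "$before" "$file" || return 1
    # Confirm the result instead of assuming it.
    [ "$(mode_of "$file")" = "$before" ]
}

# The alternative from the thread: install copies SRC to DST and sets
# group and mode in one command (it applies the mode after the group).
# Usage: install_with_group MODE GROUP SRC DST
install_with_group() { install -m "$1" -g "$2" -- "$3" "$4"; }

# Run both on a constructed sample file, using the caller's own primary
# group so that no root privileges are needed. Prints the two final modes.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$dir/helper"   # constructed sample
    chmod 4755 "$dir/helper"
    chgrp_keep_mode "$(id -g)" "$dir/helper" &&
        install_with_group 4755 "$(id -g)" "$dir/helper" "$dir/installed"
    status=$?
    echo "$(mode_of "$dir/helper") $(mode_of "$dir/installed")"
    rm -rf "$dir"
    return "$status"
}
```

Calling demo prints the final mode of the re-grouped file and of the installed copy; in a packaging script the group argument would be the target group rather than the caller's own.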

Message received at 22511 <at> debbugs.gnu.org:


Date: Mon, 1 Feb 2016 09:20:30 +0100
From: Erik Auerswald <auerswal@HIDDEN>
To: William Di Luigi <williamdiluigi@HIDDEN>
Subject: Re: bug#22511: [request] Add "--preserve-setuid" to the chown command

Hi,

On Mon, Feb 01, 2016 at 03:33:29AM +0100, William Di Luigi wrote:
> if I understand it correctly, chown clears the setuid bit for security
> reasons (since, when changing the owner or group for a file, you could
> potentially be allowing *new people* to run that file as root).
> 
> While this is good for security, sometimes you want to be able to
> preserve the setuid bit. For example, when packaging software
> (https://bbs.archlinux.org/viewtopic.php?pid=1600551)

How about using "install" to install files, setting owner and mode bits
in one go?

HTH,
Erik
-- 
Always use the right tool for the job.
                        -- Rob Pike




Information forwarded to bug-coreutils@HIDDEN:
bug#22511; Package coreutils.

Message received at submit <at> debbugs.gnu.org:


From: William Di Luigi <williamdiluigi@HIDDEN>
Date: Mon, 1 Feb 2016 03:33:29 +0100
Subject: [request] Add "--preserve-setuid" to the chown command
To: bug-coreutils@HIDDEN

Hi,
if I understand it correctly, chown clears the setuid bit for security
reasons (since, when changing the owner or group for a file, you could
potentially be allowing *new people* to run that file as root).

While this is good for security, sometimes you want to be able to
preserve the setuid bit. For example, when packaging software
(https://bbs.archlinux.org/viewtopic.php?pid=1600551)

What do you think about adding a "--preserve-setuid" optional flag?

Regards,
William




Acknowledgement sent to William Di Luigi <williamdiluigi@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-coreutils@HIDDEN.
Report forwarded to bug-coreutils@HIDDEN:
bug#22511; Package coreutils.
Last modified: Thu, 25 Oct 2018 15:45:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.