mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-28 20:11:00 +01:00
1771415dae
chown(). Previously, it wasn't marked for null chown()s. We permit null chown()s as a special case of "appropriate privilege" - everyone has enough privilege to not change ids (this is a better argument than the one I gave for rev.1.13, that null changes aren't really changes). However, POSIX.1 requires the update independently of whether anything has changed.

Clear both the setuid and the setgid bits upon successful completion of non-null chown()s by non-root. Previously, the setuid bit was only changed for non-null changes of the uid, etc. POSIX.1 requires clearing both unless the call was made by a process with "appropriate privilege", in which case altering the bits is implementation-defined. We define appropriate privilege as `process is root, or the change is null', and the implementation-defined behaviour as not altering the bits. There is no interpretation that permits clearing only one of the bits.

Reviewed by: jdp

- ffs
- lfs
- mfs
- ufs