From: Jim Meyering <jim@meyering.net>
Date: Sat, 12 Jul 2003 11:31:55 +0000 (+0000)
Subject: *** empty log message ***
X-Git-Tag: v5.0.1~68
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5125cf5f0752bd25a3aed4026a154af4ab4810c;p=thirdparty%2Fcoreutils.git

*** empty log message ***
---

diff --git a/NEWS b/NEWS
index 4f5b01bc37..588da78db3 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,16 @@ GNU coreutils NEWS                                    -*- outline -*-
 - new program: `[' (much like `test')
 
 ** New features
+- chown no longer tries to preserve set-user-ID and set-group-ID bits;
+  on some systems, the chown syscall resets those bits, and previous
+  versions of the chown command would call chmod to restore the original,
+  pre-chown(2) settings, but that behavior is problematic.
+  1) There was a window whereby a malicious user, M, could subvert a
+  chown command run by some other user and operating on files in a
+  directory where M has write access.
+  2) Before (and even now, on systems with chown(2) that doesn't reset
+  those bits), an unwary admin. could use chown unwittingly to create e.g.,
+  a set-user-ID root copy of /bin/sh.
 - head now accepts --lines=-N (--bytes=-N) to print all but the
   N lines (bytes) at the end of the file
 - md5sum --check now accepts the output of the BSD md5sum program, e.g.,