Bug 525398 - RHEL4: Unable to write to file as non-root user with setuid and setgid bit set
Summary: RHEL4: Unable to write to file as non-root user with setuid and setgid bit set
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.9
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Cong Wang
QA Contact: Petr Beňas
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-24 08:45 UTC by Cong Wang
Modified: 2015-01-04 22:59 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-02-16 15:48:18 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0263 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 4.9 kernel security and bug fix update 2011-02-16 15:14:55 UTC

Description Cong Wang 2009-09-24 08:45:53 UTC
From Sathisha Poojary:
I was working with RHEL 5 update 3 and noticed a minor inconvenience which was
a side effect of the RHEL5.3 patch BZ#463687 [kernel: open() call allows setgid
bit when user is not in new file's group].

Steps to reproduce the issue:

#mkdir /newdir
#touch /newdir/file1
#chmod 06777 /newdir/file1

#su newuser
$dd if=/dev/null of=/newdr/file1
dd: opening '/newdir/file1': Operation not permitted

However the dd works with 'conv=notrunc' option.

Comment 1 RHEL Program Management 2010-04-14 03:09:44 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 2 Vivek Goyal 2010-10-15 13:28:59 UTC
Committed in 89.44.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/

Comment 8 Petr Beňas 2010-11-18 11:51:11 UTC
Reproduced in 89.43.EL and verified in 89.44.EL.

Comment 10 errata-xmlrpc 2011-02-16 15:48:18 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0263.html


Note You need to log in before you can comment on or make changes to this bug.