CC-tea/coreutils
1
0
Fork 0
mirror of git://git.sv.gnu.org/coreutils.git synced 2026-04-20 02:36:16 +02:00
Code Issues Projects Releases Wiki Activity

*** empty log message ***

Browse Source
This commit is contained in:
Jim Meyering
2003-07-12 11:31:55 +00:00
parent e5e207df7c
commit b5125cf5f0
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
NEWS
View File

@@ -5,6 +5,16 @@ GNU coreutils NEWS -*- outline -*-
- new program: `[' (much like `test')
** New features
- chown no longer tries to preserve set-user-ID and set-group-ID bits;
on some systems, the chown syscall resets those bits, and previous
versions of the chown command would call chmod to restore the original,
pre-chown(2) settings, but that behavior is problematic.
1) There was a window whereby a malicious user, M, could subvert a
chown command run by some other user and operating on files in a
directory where M has write access.
2) Before (and even now, on systems with chown(2) that doesn't reset
those bits), an unwary admin. could use chown unwittingly to create e.g.,
a set-user-ID root copy of /bin/sh.
- head now accepts --lines=-N (--bytes=-N) to print all but the
N lines (bytes) at the end of the file
- md5sum --check now accepts the output of the BSD md5sum program, e.g.,