openssh unix dev - Apr 2007 - chmod sftp command and setgid/setuid bit

Hi OpenSSH developers,

I'm using OpenSSH on a daily basis and I'm very pleased
with the work you've done.

I am contributing to some Open Source software hosted at Savannah
https://savannah.nongnu.org/projects/tsp
and we recently hit some sftp unexpected behavior:
https://savannah.gnu.org/support/?105838

when using chmod sftp client command
it appears that setuid / setgid bits are not handled on the server-side.

that when I

sftp> chmod 2775 afile

I would expect afile to show:
-rwxrwsr-x    1 openssh   isgreat    0 2007-04-25 00:19 afile

but I get:
-rwxrwxr-x    1 openssh   isgreat    0 2007-04-25 00:19 afile

just as if I had typed: "chmod 775 afile " on server-side.

As far as I understand sftp-server.c code is seems that

chmod(name, a->perm & 0777);

is responsible for this behavior.

Could you tell me if not handling setuid/setgid bits on sftp-server
is done on purpose?
Is it a feature or should it be considered a bug?

If it is a feature could you tell me what motivates this choice?

By the way "-p" option of scp command seems to handle setuid/setgid
bits as (I) expected.

Thanks in advance
-- 
Erk

On Wed, Apr 25, 2007 at 12:30:21AM +0200, Eric Noulard
wrote:
> As far as I understand sftp-server.c code is seems that
> 
> chmod(name, a->perm & 0777);
> 
> is responsible for this behavior.
> 
> Could you tell me if not handling setuid/setgid bits on sftp-server
> is done on purpose?
> Is it a feature or should it be considered a bug?
Seems like a bug..

--8<-- draft-ietf-secsh-filexfer-12.txt 7.6. Permissions
The server SHOULD NOT apply a 'umask' to the mode bits; but should
set the mode bits as specified by the client.  The client MUST apply
an appropriate 'umask' to the mode bits before sending them.
-->8--


//Peter

On Wed, 25 Apr 2007, Peter Stuge wrote:
> On Wed, Apr 25, 2007 at 12:30:21AM +0200, Eric Noulard wrote:
> > As far as I understand sftp-server.c code is seems that
> > 
> > chmod(name, a->perm & 0777);
> > 
> > is responsible for this behavior.
> > 
> > Could you tell me if not handling setuid/setgid bits on sftp-server
> > is done on purpose?
> > Is it a feature or should it be considered a bug?
> 
> Seems like a bug..
>
> --8<-- draft-ietf-secsh-filexfer-12.txt 7.6. Permissions
We do not implement filexfer-12, we stopped chasing newer filexfer drafts
when the authors started loading NFS-like features into the protocol.

The reason for the mask is probably simple paranoia, and it could probably
be relaxed. Please file a bug at http://bugzilla.mindrot.org/

-d