From john@kuwait.net  Tue Sep  3 06:59:23 1996
Received: from access.kuwait.net (root@access.kuwait.net [194.54.234.234]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id GAA01710 for <best-of-security@suburbia.net>; Tue, 3 Sep 1996 06:58:07 +1000
Received: from jwt.kuwait.net(really [199.173.153.173]) by access.kuwait.net
	via sendmail with smtp (ident john using rfc1413)
	id <m0uxg2f-000CuqC@access.kuwait.net>
	for <best-of-security@suburbia.net>; Mon, 2 Sep 1996 23:56:21 +0300 (GMT)
	(Smail-3.2 1996-Jul-4 #16 built 1996-Aug-3)
Date: Mon, 2 Sep 1996 23:56:12 +0300 (GMT)
From: "John W. Temples" <john@kuwait.net>
To: best-of-security@suburbia.net
Subject: Re: BoS: More on the UnixWare problem
In-Reply-To: <Pine.GSO.3.94.960902130901.19264c-100000@staff1.texas.net>
Message-ID: <Pine.SCO.3.94.960902235022.27951L-100000@jwt.kuwait.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 2 Sep 1996, Michael Douglass wrote:

> chgrp should not allow you to change a file's
> group to a group which you are not in.

That is standard System V behavior; has been forever.  System V allows
you to "give away" files (both user and group) by default.  What it
doesn't let you do is set the setgid bit on a file with group owership
of a group you're not a member of.  It will also clear the setuid or
setgid bit, as appropriate, when you "give away" a file.

> In other words, if you are not
> in the kmem group, you should not be able to chgrp a file to that group.

Regardless of whether it's a good thing or bad, it is the correct
behavior. 

--
John W. Temples, III       ||       Providing the first public access Internet
Gulfnet Kuwait             ||            site in the Arabian Gulf region