Andreas Loesch wrote:
[...] müsste ja in den Changelogs stehen.
* Major changes in release 5.0.1 (2003-07-15): [...] - chown no longer tries to preserve set-user-ID and set-group-ID bits; on some systems, the chown syscall resets those bits, and previous versions of the chown command would call chmod to restore the original, pre-chown(2) settings, but that behavior is problematic. 1) There was a window whereby a malicious user, M, could subvert a chown command run by some other user and operating on files in a directory where M has write access. 2) Before (and even now, on systems with chown(2) that doesn't reset those bits), an unwary admin. could use chown unwittingly to create e.g., a set-user-ID root copy of /bin/sh. CU, Th.