When you copy a file to a different filesystem, what's going on under the hood is that you create a new file and copy the contents. Moving a file to a different filesystem is done by copying then removing the source. So you have no more privileges when copying a file than at any other time you're creating a file.
When you create a file, it belongs to you. Many unix variants restrict changing the owner (`chown`) to root. Even those that allow the owner of a file to give it away clear the setuid and setgid bits when doing so. Group ownership changes (`chgrp`) also clear away the setxid bits unless invoked with root privileges. And you need to own the file or be root to change its permissions. So you can't create a setxid file for a user or group you don't have permission to run programs as.
A different vector for setxid file injection is filesystem mounting. Most configurations only allow the setxid bits on filesystems directly mounted by root (as opposed to `/etc/fstab` entries with the `user` option on Linux, Samba, FUSE, …). Sometimes, for example with NFS mounts, it's up to the system administrator to ensure that filesystems are mounted with the `nosuid` option.
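The two conditions the answer describes (the setxid bits only matter when the file's owner or group is a principal you can't already run as, and they are ignored entirely on a `nosuid` mount) can be turned into a small audit. The following is an added example written for this answer, not code from the original post; it assumes the Linux `/proc/self/mountinfo` layout (mount point in the fifth field, mount options in the sixth) and uses a constructed mount table so it runs offline.

```python
"""Classify setuid/setgid (setxid) files by whether they could grant anything.

Added example, not part of the original answer. Assumes Linux's
/proc/self/mountinfo format: fields are mount ID, parent ID, major:minor,
root, mount point, mount options, optional tags..., '-', fstype, source,
super options. Spaces in mount points are escaped as \\040.
"""
from __future__ import annotations

import os
import stat
from typing import Iterable, List, Optional, Set, Tuple

SETXID_MASK = stat.S_ISUID | stat.S_ISGID

# Constructed sample mount table (not from any real host).
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
45 21 0:38 / /home rw,relatime - ext4 /dev/sdb1 rw
60 21 0:41 / /media/usb rw,nosuid,nodev,relatime - vfat /dev/sdc1 rw
"""


def parse_mountinfo(text: str) -> List[Tuple[str, Set[str]]]:
    """Return (mount_point, options) pairs from mountinfo-formatted text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed or blank line: skip rather than guess
        mount_point = fields[4].replace("\\040", " ")
        options = set(fields[5].split(","))
        mounts.append((mount_point, options))
    return mounts


def mount_for(path: str, mounts) -> Optional[Tuple[str, Set[str]]]:
    """Longest-prefix match: the mount that actually contains `path`."""
    path = os.path.normpath(path)
    best = None
    for mp, opts in mounts:
        prefix = mp.rstrip("/") + "/"
        if path == mp or path.startswith(prefix):
            if best is None or len(mp) > len(best[0]):
                best = (mp, opts)
    return best


def classify(mode: int, uid: int, gid: int, my_uid: int,
             my_groups: Iterable[int], mount_opts: Set[str]) -> str:
    """Return one of: 'none', 'nosuid', 'own', 'foreign'.

    none    - no setuid/setgid bit set
    nosuid  - bits set, but the mount ignores them
    own     - bits set, but only for a user/group the caller already is
    foreign - bits set for a user or group the caller cannot already run as
    """
    if not mode & SETXID_MASK:
        return "none"
    if "nosuid" in mount_opts:
        return "nosuid"
    foreign = False
    if mode & stat.S_ISUID and uid != my_uid:
        foreign = True
    if mode & stat.S_ISGID and gid not in set(my_groups):
        foreign = True
    return "foreign" if foreign else "own"


def audit_path(path: str, mountinfo_text: Optional[str] = None) -> str:
    """Classify a real file on this host (reads /proc unless text is given)."""
    if mountinfo_text is None:
        with open("/proc/self/mountinfo") as fh:
            mountinfo_text = fh.read()
    st = os.stat(path)
    found = mount_for(os.path.realpath(path), parse_mountinfo(mountinfo_text))
    opts = found[1] if found else set()
    return classify(st.st_mode, st.st_uid, st.st_gid,
                    os.getuid(), os.getgroups(), opts)


if __name__ == "__main__":
    # Walk a directory and report only the files worth a second look.
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                verdict = audit_path(p)
            except OSError:
                continue
            if verdict == "foreign":
                print(verdict, oct(os.stat(p).st_mode & 0o7777), p)
```

Run as `python3 audit.py /some/dir` to list only the setxid files that would grant a principal the caller does not already hold; the `nosuid` verdict is what the answer's last paragraph is about, since a setuid binary on such a mount is just an ordinary executable.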