lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <bug-60676-13602@https.bugzilla.kernel.org/> Date: Thu, 01 Aug 2013 15:02:36 +0000 From: bugzilla-daemon@...zilla.kernel.org To: linux-ext4@...r.kernel.org Subject: [Bug 60676] New: Stat system call gives permission denied to root for links under a sticky bit https://bugzilla.kernel.org/show_bug.cgi?id=60676 Bug ID: 60676 Summary: Stat system call gives permission denied to root for links under a sticky bit Product: File System Version: 2.5 Kernel Version: 3.5.0 Hardware: x86-64 OS: Linux Tree: Mainline Status: NEW Severity: normal Priority: P1 Component: ext4 Assignee: fs_ext4@...nel-bugs.osdl.org Reporter: jck@...ek.com Regression: No If a directory has a sticky bit set, root cannot use anything that makes the stat system call on any of the links there. Example: > $ ls -ld /tmp/ > drwxrwxrwt 17 root root 4825088 Aug 1 10:50 /tmp/ > $ mkdir /tmp/testdir > $ touch /tmp/testdir/testfile > $ ln -s /tmp/testdir/ /tmp/testlink > $ ls /tmp/testlink/ > testfile > $ su > # ls /tmp/testlink ls: cannot access /tmp/testlink: Permission denied > # ls /tmp/testdir > testfile I can see how having root blindly follow links in a sticky directory could be a bad idea, but this goes against the behavior described by the man pages. -- You are receiving this mail because: You are watching the assignee of the bug. -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists