lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <bug-60676-13602@https.bugzilla.kernel.org/>
Date:	Thu, 01 Aug 2013 15:02:36 +0000
From:	bugzilla-daemon@...zilla.kernel.org
To:	linux-ext4@...r.kernel.org
Subject: [Bug 60676] New: Stat system call gives permission denied to root
 for links under a sticky bit

https://bugzilla.kernel.org/show_bug.cgi?id=60676

            Bug ID: 60676
           Summary: Stat system call gives permission denied to root for
                    links under a sticky bit
           Product: File System
           Version: 2.5
    Kernel Version: 3.5.0
          Hardware: x86-64
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
          Assignee: fs_ext4@...nel-bugs.osdl.org
          Reporter: jck@...ek.com
        Regression: No

If a directory has a sticky bit set, root cannot use anything that makes the
stat system call on any of the links there.

Example:
> $ ls -ld /tmp/
> drwxrwxrwt 17 root root 4825088 Aug  1 10:50 /tmp/
> $ mkdir /tmp/testdir
> $ touch /tmp/testdir/testfile
> $ ln -s /tmp/testdir/ /tmp/testlink
> $ ls /tmp/testlink/
> testfile
> $ su
> # ls /tmp/testlink
ls: cannot access /tmp/testlink: Permission denied
> # ls /tmp/testdir
> testfile

I can see how having root blindly follow links in a sticky directory could be a
bad idea, but this goes against the behavior described by the man pages.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists