| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bug-60676-13602@https.bugzilla.kernel.org/>
Date: Thu, 01 Aug 2013 15:02:36 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: linux-ext4@...r.kernel.org
Subject: [Bug 60676] New: Stat system call gives permission denied to root
for links under a sticky bit
https://bugzilla.kernel.org/show_bug.cgi?id=60676
Bug ID: 60676
Summary: Stat system call gives permission denied to root for
links under a sticky bit
Product: File System
Version: 2.5
Kernel Version: 3.5.0
Hardware: x86-64
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: ext4
Assignee: fs_ext4@...nel-bugs.osdl.org
Reporter: jck@...ek.com
Regression: No
If a directory has a sticky bit set, root cannot use anything that makes the
stat system call on any of the links there.
Example:
> $ ls -ld /tmp/
> drwxrwxrwt 17 root root 4825088 Aug 1 10:50 /tmp/
> $ mkdir /tmp/testdir
> $ touch /tmp/testdir/testfile
> $ ln -s /tmp/testdir/ /tmp/testlink
> $ ls /tmp/testlink/
> testfile
> $ su
> # ls /tmp/testlink
ls: cannot access /tmp/testlink: Permission denied
> # ls /tmp/testdir
> testfile
I can see how having root blindly follow links in a sticky directory could be a
bad idea, but this goes against the behavior described by the man pages.
--
You are receiving this mail because:
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists