From: Patrick Donnelly <batrick@batbytes.com>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: open list <linux-kernel@vger.kernel.org>,
	Jeff Layton <jlayton@redhat.com>,
	xiubli@redhat.com, kchai@redhat.com
Subject: Re: file system permissions regression affecting root
Date: Wed, 13 May 2020 09:52:17 -0700
Message-ID: <CACh33FqzSc26qyvdueZ3ee28j28cyz42n++xnE=BUXe507NLKA@mail.gmail.com>
In-Reply-To: <20200513161113.GU23230@ZenIV.linux.org.uk>

On Wed, May 13, 2020 at 9:11 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> On Wed, May 13, 2020 at 08:00:28AM -0700, Patrick Donnelly wrote:
> > In newer kernels (at least 5.6), it appears root is not able to write
> > to files owned by other users in a sticky directory:
>
> Yes.  Controlled by /proc/sys/fs/protected_regular, which systemd crowd
> has decided to enable in commit 2732587540035227fe59e4b64b60127352611b35
>  [...]

Thanks for the information, Al!

However, it seems odd that this depends on the owner of the directory.
i.e. this protection only seems to be enforced if the sticky directory
is owned by root. That's expected?


-- 
Patrick Donnelly
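
The directory-owner dependence asked about above matches the rule as the kernel's sysctl documentation describes fs.protected_regular; the block below is an added example (not from this thread and not kernel source) that models that documented rule in userspace C. The function and parameter names are this example's own, and the model covers only this sysctl, not ordinary permission checks.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Model of the documented fs.protected_regular rule (illustrative, not kernel code).
 * Returns 1 if an O_CREAT open of an existing regular file would be refused
 * with EACCES by this rule, 0 if the rule does not apply. */
int protected_regular_denies(int level, mode_t dir_mode, uid_t dir_uid,
                             mode_t file_mode, uid_t file_uid,
                             uid_t caller_fsuid, int o_creat)
{
    if (!o_creat || level == 0 || !S_ISREG(file_mode))
        return 0;   /* only O_CREAT opens of regular files are covered */
    if (!(dir_mode & S_ISVTX))
        return 0;   /* parent directory is not sticky */
    if (file_uid == dir_uid)
        return 0;   /* file belongs to the directory owner */
    if (file_uid == caller_fsuid)
        return 0;   /* caller owns the file; uid 0 gets no other exemption */
    if (dir_mode & S_IWOTH)
        return 1;   /* level 1 and up: world-writable sticky directory */
    if ((dir_mode & S_IWGRP) && level >= 2)
        return 1;   /* level 2: also group-writable sticky directories */
    return 0;
}

/* Apply the model to a real directory/file pair using the live sysctl value. */
int check_path(const char *dir, const char *file, uid_t caller)
{
    struct stat d, f;
    int level = 0;
    FILE *fp = fopen("/proc/sys/fs/protected_regular", "r");
    if (fp) { if (fscanf(fp, "%d", &level) != 1) level = 0; fclose(fp); }
    if (stat(dir, &d) != 0 || stat(file, &f) != 0)
        return -1;
    return protected_regular_denies(level, d.st_mode, d.st_uid,
                                    f.st_mode, f.st_uid, caller, 1);
}

int main(int argc, char **argv)
{
    if (argc != 4) { fprintf(stderr, "usage: %s DIR FILE CALLER_UID\n", argv[0]); return 2; }
    int r = check_path(argv[1], argv[2], (uid_t)strtoul(argv[3], NULL, 10));
    puts(r < 0 ? "stat failed" : r ? "denied by protected_regular" : "not denied by this rule");
    return r < 0 ? 2 : 0;
}
```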

Thread overview: 4+ messages
2020-05-13 15:00 file system permissions regression affecting root Patrick Donnelly
2020-05-13 16:11 ` Al Viro
2020-05-13 16:52   ` Patrick Donnelly [this message]
2020-05-17  4:47     ` Christian Kujau
