On Fri, Mar 11, 2022 at 7:59 AM Neil Bothwick <n...@digimed.co.uk> wrote: > > On Fri, 11 Mar 2022 12:38:48 +0100, Dr Rainer Woitok wrote: > > > No. My "/tmp/" directory is not mounted at all, it is just a genuine > > directory in "/". And that root CAN overwrite a file it doesn't own in > > other directories, is due to most directories not having the sticky bit > > set (which is a (wanted) particularity of "/tmp/" and "/var/tmp/", in > > that it prevents normal users from (re)moving other people's files): > > It's not the sticky bit per se from what I've read, but the new default > prevents root from overwriting a file if the file and the directory > containing it have different owners. In most cases, the file has the same > directory as the owner so this does not happen, but the sticky bit allows > users that don't own the directory to create files in it. > > > -- > Neil Bothwick > > Assassins do it from behind.
Is this related to the 'dirty pipe' vulnerability that has been in the news of late and has gotten patched in most distros in the last few days? - Mark
