** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
https://bugs.launchpad.net/bugs/1877151
Title:
root unable to write to file in directory with sticky bit with
fs.protected_regular set
Status in linux package in Ubuntu:
Invalid
Bug description:
In Focal (kernel 5.4), given the following scenario...
1. Directory owned by root:root with mode 1775 (sticky bit set)
2. File inside directory owned by www-data:www-data with mode 0664
3. fs.protected_regular set to non-0 value (the default is now 2)
... root is unable to write to the file if O_CREAT is set when opening
it. Setting fs.protected_regular=0 works around the problem.
This seems to be the result of this change:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30aba6656f61ed44cba445a3c0d38b296fa9e8f5
It's not explicit in the commit message or documentation, but I
wouldn't expect this restriction to apply to root... right?
Replication:
% lsb_release -sd; cat /proc/version_signature
Ubuntu 20.04 LTS
Ubuntu 5.4.0-29.33-generic 5.4.30
# Create directory and file
% sudo -u www-data touch /tmp/myfile
% \ls -ld /tmp /tmp/myfile
drwxrwxrwt 13 root root 4096 May 6 11:18 /tmp
-rw-rw-r-- 1 www-data www-data 0 May 6 11:18 /tmp/myfile
# Write by owner: OK
% sudo -u www-data sh -c 'whoami > /tmp/myfile'
% cat /tmp/myfile
www-data
# Write by root, fs.protected_regular=2 (default): FAIL
% sudo sysctl fs.protected_regular
fs.protected_regular = 2
% sudo -u root sh -c 'whoami > /tmp/myfile'
sh: 1: cannot create /tmp/myfile: Permission denied
% cat /tmp/myfile
www-data
# Write by root, fs.protected_regular=1: FAIL
# (NOTE: This one seems to succeed if /tmp/myfile is owned by www-data:root
# instead of www-data:www-data)
% sudo sysctl fs.protected_regular=1
fs.protected_regular = 1
% sudo -u root sh -c 'whoami > /tmp/myfile'
sh: 1: cannot create /tmp/myfile: Permission denied
% cat /tmp/myfile
www-data
# Write by root, fs.protected_regular=0: OK
% sudo sysctl fs.protected_regular=0
fs.protected_regular = 0
% sudo -u root sh -c 'whoami > /tmp/myfile'
% cat /tmp/myfile
root
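Added example (not part of the bug report and not kernel source): a user-space C model of the O_CREAT check as documented for fs.protected_regular, run over the scenarios in the report. The function name, its parameters and uid 33 for www-data are assumptions; the rule as modelled compares only the file, directory and opener uids and has no exemption for uid 0.

```c
/* User-space model of the sticky-directory O_CREAT check.
 * Hypothetical names; written from the documented sysctl semantics. */
#include <errno.h>
#include <stdio.h>

#define MODE_STICKY 01000u  /* S_ISVTX */
#define MODE_WGRP   00020u  /* S_IWGRP */
#define MODE_WOTH   00002u  /* S_IWOTH */

/* Returns 0 if opening an existing regular file with O_CREAT passes the
 * check, -EACCES if it is refused.
 *   level     value of fs.protected_regular (0, 1 or 2)
 *   dir_mode  mode of the containing directory; dir_uid is its owner
 *   file_uid  owner of the existing file
 *   fsuid     filesystem uid of the opening process (0 for root) */
int sticky_creat_check(int level, unsigned dir_mode, unsigned dir_uid,
                       unsigned file_uid, unsigned fsuid)
{
    if (level == 0)                  /* protection disabled */
        return 0;
    if (!(dir_mode & MODE_STICKY))   /* directory is not sticky */
        return 0;
    if (file_uid == dir_uid)         /* file belongs to the directory owner */
        return 0;
    if (fsuid == file_uid)           /* opener owns the file */
        return 0;
    /* Nothing above tests for uid 0 or for capabilities. */
    if (dir_mode & MODE_WOTH)        /* world-writable: levels 1 and 2 */
        return -EACCES;
    if ((dir_mode & MODE_WGRP) && level >= 2)  /* group-writable: level 2 */
        return -EACCES;
    return 0;
}

int main(void)
{
    /* Constructed inputs mirroring the report: the opener is root (uid 0),
     * the file is owned by uid 33 (assumed www-data), the directory by root. */
    printf("/tmp 1777, level 2, root:  %d\n", sticky_creat_check(2, 01777, 0, 33, 0));
    printf("/tmp 1777, level 1, root:  %d\n", sticky_creat_check(1, 01777, 0, 33, 0));
    printf("/tmp 1777, level 0, root:  %d\n", sticky_creat_check(0, 01777, 0, 33, 0));
    printf("dir  1775, level 2, root:  %d\n", sticky_creat_check(2, 01775, 0, 33, 0));
    printf("dir  1775, level 1, root:  %d\n", sticky_creat_check(1, 01775, 0, 33, 0));
    printf("/tmp 1777, level 2, owner: %d\n", sticky_creat_check(2, 01777, 0, 33, 33));
    return 0;
}
```

The model covers only opens that carry O_CREAT; an open without that flag does not go through this check.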