[Kernel-packages] [Bug 1875667] Re: root cannot flock user file in rwt dir if parent gives limited access

2020-04-30 Thread Francis Ginther
This appears to be due to an intentional change in behavior to improve
security which I believe was introduced in 19.10. To restore the older
behavior, create `/etc/sysctl.d/protect-links.conf` with the contents:

fs.protected_regular = 0

Then restart procps:

sudo systemctl restart procps.service

To verify run:

$ sudo sysctl fs.protected_regular
fs.protected_regular = 0

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30aba6656f61ed44cba445a3c0d38b296fa9e8f5
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915797

** Bug watch added: Debian Bug tracker #915797
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915797

** Changed in: linux (Ubuntu)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1875667

Title:
  root cannot flock user file in rwt dir if parent gives limited access

Status in linux package in Ubuntu:
  Invalid

Bug description:
  1. create folder by root
  2. add wt permission flags to all in that folder
  3. flock a file by user in that folder - success
  4. flock the same file by root - error: Permission denied
  It is somehow important that user have limited access to parent folder (/ in this example).

  test@ubuntu20-04:~$ sudo rm -rf /t_rwt/
  test@ubuntu20-04:~$ sudo mkdir /t_rwt
  test@ubuntu20-04:~$ sudo chmod a+wt /t_rwt
  test@ubuntu20-04:~$ flock /t_rwt/file echo aaa
  aaa
  test@ubuntu20-04:~$ sudo flock /t_rwt/file echo aaa
  flock: cannot open lock file /t_rwt/file: Permission denied
  test@ubuntu20-04:~$ ls -las /t_rwt
  total 8
  4 drwxrwxrwt  2 root root 4096 Apr 28 08:01 .
  4 drwxr-xr-x 26 root root 4096 Apr 28 08:00 ..
  0 -rw-rw-r--  1 test test    0 Apr 28 08:01 file
  test@ubuntu20-04:~$ id
  uid=1000(test) gid=1000(test) groups=1000(test),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),131(lxd),132(sambashare)
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  test   1235 F pulseaudio
  CasperMD5CheckResult: skip
  DistroRelease: Ubuntu 20.04
  InstallationDate: Installed on 2020-04-24 (4 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  IwConfig:
   lo        no wireless extensions.
   
   ens33 no wireless extensions.
  Lsusb:
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 002 Device 005: ID 0a89:0030 Aktiv Rutoken ECP
   Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
   Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  Lsusb-t:
   /:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
   |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 12M
   |__ Port 2: Dev 3, If 0, Class=Hub, Driver=hub/7p, 12M
   /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M
  MachineType: VMware, Inc. VMware Virtual Platform
  Package: linux (not installed)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 svgadrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-26-generic 
root=UUID=65106df1-06df-48ac-99b3-9ac564d83375 ro find_preseed=/preseed.cfg 
auto noprompt priority=critical locale=en_US quiet
  ProcVersionSignature: Ubuntu 5.4.0-26.30-generic 5.4.30
  PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No 
PulseAudio daemon running, or not running as session daemon.
  RelatedPackageVersions:
   linux-restricted-modules-5.4.0-26-generic N/A
   linux-backports-modules-5.4.0-26-generic  N/A
   linux-firmware                            1.187
  RfKill:
   
  Tags:  focal
  Uname: Linux 5.4.0-26-generic x86_64
  UnreportableReason: This report is about a package that is not installed.
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:
   
  _MarkForUpload: False
  dmi.bios.date: 07/29/2019
  dmi.bios.vendor: Phoenix Technologies LTD
  dmi.bios.version: 6.00
  dmi.board.name: 440BX Desktop Reference Platform
  dmi.board.vendor: Intel Corporation
  dmi.board.version: None
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 1
  dmi.chassis.vendor: No Enclosure
  dmi.chassis.version: N/A
  dmi.modalias: 
dmi:bvnPhoenixTechnologiesLTD:bvr6.00:bd07/29/2019:svnVMware,Inc.:pnVMwareVirtualPlatform:pvrNone:rvnIntelCorporation:rn440BXDesktopReferencePlatform:rvrNone:cvnNoEnclosure:ct1:cvrN/A:
  dmi.product.name: VMware Virtual Platform
  dmi.product.version: None
  dmi.sys.vendor: VMware, Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1875667/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : 
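
Added example (not part of the thread, and not kernel or Ubuntu code): the rule the kernel documents for fs.protected_regular, written out as a shell check and applied to the reproduction in the bug description. The function names are hypothetical, GNU stat is assumed, and the sysctl value 1 in the sample calls is an assumption since the report does not show it.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread or the kernel.

# sticky_open_verdict LEVEL DIR_MODE DIR_UID FILE_UID CALLER_UID
# Prints "deny" when an O_CREAT open of an existing regular file would get
# EACCES under fs.protected_regular=LEVEL, otherwise "allow".
# CALLER_UID stands for the opener's fsuid; uid 0 gets no exemption.
sticky_open_verdict() {
    level=$1; mode=$((0$2)); dir_uid=$3; file_uid=$4; caller_uid=$5
    if [ "$level" -eq 0 ]; then echo allow; return 0; fi                # protection off
    if [ $((mode & 01000)) -eq 0 ]; then echo allow; return 0; fi       # no sticky bit
    if [ "$file_uid" -eq "$dir_uid" ]; then echo allow; return 0; fi    # directory owner's file
    if [ "$file_uid" -eq "$caller_uid" ]; then echo allow; return 0; fi # caller's own file
    if [ $((mode & 0002)) -ne 0 ]; then echo deny; return 0; fi         # world-writable dir
    # Level 2 extends the rule to group-writable sticky directories.
    if [ "$level" -ge 2 ] && [ $((mode & 0020)) -ne 0 ]; then echo deny; return 0; fi
    echo allow
}

# check_path FILE [CALLER_UID]: same verdict computed from live values.
check_path() {
    file=$1; caller=${2:-$(id -u)}
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    dir=$(dirname -- "$file")
    level=$(cat /proc/sys/fs/protected_regular 2>/dev/null || echo 0)
    sticky_open_verdict "$level" "$(stat -c %a "$dir")" "$(stat -c %u "$dir")" \
        "$(stat -c %u "$file")" "$caller"
}

# Values from the report: /t_rwt is root-owned with mode 1777, the file belongs
# to uid 1000 (test). Level 1 is assumed.
echo "root (uid 0):    $(sticky_open_verdict 1 1777 0 1000 0)"
echo "test (uid 1000): $(sticky_open_verdict 1 1777 0 1000 1000)"
```

The check only matters for opens that pass O_CREAT on a file that already exists, which is how flock(1) opens its lock file; running check_path against lock files in /tmp-style directories shows which cross-user opens the setting blocks before deciding whether to relax it.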

[Kernel-packages] [Bug 1875667] Re: root cannot flock user file in rwt dir if parent gives limited access

2020-04-28 Thread raandom
apport information

** Tags added: apport-collected

** Description changed:

  1. create folder by root
  2. add wt permission flags to all in that folder
  3. flock a file by user in that folder - success
  4. flock the same file by root - error: Permission denied
  It is somehow important that user have limited access to parent folder (/ in 
this example).
  
  test@ubuntu20-04:~$ sudo rm -rf /t_rwt/
  test@ubuntu20-04:~$ sudo mkdir /t_rwt
  test@ubuntu20-04:~$ sudo chmod a+wt /t_rwt
  test@ubuntu20-04:~$ flock /t_rwt/file echo aaa
  aaa
  test@ubuntu20-04:~$ sudo flock /t_rwt/file echo aaa
  flock: cannot open lock file /t_rwt/file: Permission denied
  test@ubuntu20-04:~$ ls -las /t_rwt
  total 8
  4 drwxrwxrwt  2 root root 4096 Apr 28 08:01 .
  4 drwxr-xr-x 26 root root 4096 Apr 28 08:00 ..
  0 -rw-rw-r--  1 test test0 Apr 28 08:01 file
  test@ubuntu20-04:~$ id
  uid=1000(test) gid=1000(test) 
groups=1000(test),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),131(lxd),132(sambashare)
+ --- 
+ ProblemType: Bug
+ ApportVersion: 2.20.11-0ubuntu27
+ Architecture: amd64
+ AudioDevicesInUse:
+  USERPID ACCESS COMMAND
+  /dev/snd/controlC0:  test   1235 F pulseaudio
+ CasperMD5CheckResult: skip
+ DistroRelease: Ubuntu 20.04
+ InstallationDate: Installed on 2020-04-24 (4 days ago)
+ InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
+ IwConfig:
+  lono wireless extensions.
+  
+  ens33 no wireless extensions.
+ Lsusb:
+  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
+  Bus 002 Device 005: ID 0a89:0030 Aktiv Rutoken ECP
+  Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
+  Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
+  Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
+ Lsusb-t:
+  /:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
+  |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 12M
+  |__ Port 2: Dev 3, If 0, Class=Hub, Driver=hub/7p, 12M
+  /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M
+ MachineType: VMware, Inc. VMware Virtual Platform
+ Package: linux (not installed)
+ ProcEnviron:
+  TERM=xterm
+  PATH=(custom, no user)
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
+ ProcFB: 0 svgadrmfb
+ ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-26-generic 
root=UUID=65106df1-06df-48ac-99b3-9ac564d83375 ro find_preseed=/preseed.cfg 
auto noprompt priority=critical locale=en_US quiet
+ ProcVersionSignature: Ubuntu 5.4.0-26.30-generic 5.4.30
+ PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No 
PulseAudio daemon running, or not running as session daemon.
+ RelatedPackageVersions:
+  linux-restricted-modules-5.4.0-26-generic N/A
+  linux-backports-modules-5.4.0-26-generic  N/A
+  linux-firmware1.187
+ RfKill:
+  
+ Tags:  focal
+ Uname: Linux 5.4.0-26-generic x86_64
+ UnreportableReason: This report is about a package that is not installed.
+ UpgradeStatus: No upgrade log present (probably fresh install)
+ UserGroups:
+  
+ _MarkForUpload: False
+ dmi.bios.date: 07/29/2019
+ dmi.bios.vendor: Phoenix Technologies LTD
+ dmi.bios.version: 6.00
+ dmi.board.name: 440BX Desktop Reference Platform
+ dmi.board.vendor: Intel Corporation
+ dmi.board.version: None
+ dmi.chassis.asset.tag: No Asset Tag
+ dmi.chassis.type: 1
+ dmi.chassis.vendor: No Enclosure
+ dmi.chassis.version: N/A
+ dmi.modalias: 
dmi:bvnPhoenixTechnologiesLTD:bvr6.00:bd07/29/2019:svnVMware,Inc.:pnVMwareVirtualPlatform:pvrNone:rvnIntelCorporation:rn440BXDesktopReferencePlatform:rvrNone:cvnNoEnclosure:ct1:cvrN/A:
+ dmi.product.name: VMware Virtual Platform
+ dmi.product.version: None
+ dmi.sys.vendor: VMware, Inc.

** Attachment added: "AlsaInfo.txt"
   
https://bugs.launchpad.net/bugs/1875667/+attachment/5362846/+files/AlsaInfo.txt

Status in linux package in Ubuntu:
  Confirmed


[Kernel-packages] [Bug 1875667] Re: root cannot flock user file in rwt dir if parent gives limited access

2020-04-28 Thread raandom
test@ubuntu20-04:~$ uname -a
Linux ubuntu20-04 5.4.0-26-generic #30-Ubuntu SMP Mon Apr 20 16:58:30 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
test@ubuntu20-04:~$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04 LTS"
NAME="Ubuntu"
VERSION="20.04 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

** Package changed: ubuntu => linux (Ubuntu)


Status in linux package in Ubuntu:
  New
