Public bug reported:

In Focal (kernel 5.4), given the following scenario...

1. Directory owned by root:root with mode 1775 (sticky bit set)
2. File inside directory owned by www-data:www-data with mode 0664
3. fs.protected_regular set to non-0 value (the default is now 2)

... root is unable to write to the file if O_CREAT is set when opening
it. Setting fs.protected_regular=0 works around the problem.

This seems to be the result of this change:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30aba6656f61ed44cba445a3c0d38b296fa9e8f5

It's not explicit in the commit message or documentation, but I wouldn't
expect this restriction to apply to root... right?


Replication:

% lsb_release -sd; cat /proc/version_signature
Ubuntu 20.04 LTS
Ubuntu 5.4.0-29.33-generic 5.4.30

# Create directory and file
% sudo -u www-data touch /tmp/myfile
% \ls -ld /tmp /tmp/myfile
drwxrwxrwt 13 root     root     4096 May  6 11:18 /tmp
-rw-rw-r--  1 www-data www-data    0 May  6 11:18 /tmp/myfile

# Write by owner: OK
% sudo -u www-data sh -c 'whoami > /tmp/myfile'
% cat /tmp/myfile
www-data

# Write by root, fs.protected_regular=2 (default): FAIL
% sudo sysctl fs.protected_regular
fs.protected_regular = 2
% sudo -u root sh -c 'whoami > /tmp/myfile'
sh: 1: cannot create /tmp/myfile: Permission denied
% cat /tmp/myfile
www-data

# Write by root, fs.protected_regular=1: FAIL
# (NOTE: This one seems to succeed if /tmp/myfile is owned by www-data:root
# instead of www-data:www-data)
% sudo sysctl fs.protected_regular=1
fs.protected_regular = 1
% sudo -u root sh -c 'whoami > /tmp/myfile'
sh: 1: cannot create /tmp/myfile: Permission denied
% cat /tmp/myfile
www-data

# Write by root, fs.protected_regular=0: OK
% sudo sysctl fs.protected_regular=0
fs.protected_regular = 0
% sudo -u root sh -c 'whoami > /tmp/myfile'
% cat /tmp/myfile
root

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1877151

Title:
  root unable to write to file in directory with sticky bit with
  fs.protected_regular set
