
Bug#954230: libc6: In a sticky directory root cannot write to files owned by normal users



It seems the difference lies in the handling of O_CREAT.

    # ls -ldn /var/tmp /var/tmp/hello
    drwxrwxrwt 4    0    0 183 Apr 18 10:37 /var/tmp
    -rw-rw-r-- 1 1002 1002  14 Apr 18 10:37 /var/tmp/hello

    # echo 'howdy' >>/var/tmp/hello
    bash: /var/tmp/hello: Permission denied

    # cat /var/tmp/hello
    hello, world!

    # strace -f sh -c "echo 'howdy' >>/var/tmp/hello" 2>&1 | grep /var/tmp/hello | grep openat
    openat(AT_FDCWD, "/var/tmp/hello", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EACCES (Permission denied)


Same permission problem with Perl sysopen:

    # strace -f -e trace=file 2>&1 perl -e 'use Fcntl; sysopen(my $fh, "/var/tmp/hello", O_WRONLY|O_CREAT|O_APPEND); print $fh "howdy\n"; close $fh;' | grep /var/tmp/hello
    openat(AT_FDCWD, "/var/tmp/hello", O_WRONLY|O_CREAT|O_APPEND|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)


But success when leaving out O_CREAT (also removes the creation umask argument in the openat call):

    # strace -f -e trace=file 2>&1 perl -e 'use Fcntl; sysopen(my $fh, "/var/tmp/hello", O_WRONLY|O_APPEND); print $fh "howdy\n"; close $fh;' | grep /var/tmp/hello
    openat(AT_FDCWD, "/var/tmp/hello", O_WRONLY|O_APPEND|O_CLOEXEC) = 3

    # ls -ldn /var/tmp/hello
    -rw-rw-r-- 1 1002 1002 20 Apr 18 11:51 /var/tmp/hello

    # cat /var/tmp/hello
    hello, world!
    howdy


Regards
Matthias Ferdinand
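
The traces above match the rule the Linux kernel documents for the `fs.protected_regular` sysctl, which the message itself does not name. The following C program is an added example, not part of the original message or of the Debian package: it encodes that rule to predict whether an `O_CREAT` open of an existing file will get EACCES. The function names `creat_open_blocked` and `read_protected_regular` are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Documented fs.protected_regular rule: level 1 refuses O_CREAT opens of a
 * regular file in a world-writable sticky directory unless the file belongs
 * to the opener or to the directory owner; level 2 adds group-writable dirs. */
int creat_open_blocked(int level, mode_t dir_mode, uid_t dir_uid,
                       mode_t file_mode, uid_t file_uid, uid_t opener_uid)
{
    if (level <= 0 || !S_ISREG(file_mode))   /* protection off or not a regular file */
        return 0;
    if (!(dir_mode & S_ISVTX))               /* directory is not sticky */
        return 0;
    if (file_uid == dir_uid || file_uid == opener_uid)
        return 0;                            /* owner exemptions */
    if (dir_mode & S_IWOTH)                  /* world-writable sticky directory */
        return 1;
    return (dir_mode & S_IWGRP) && level >= 2;
}

/* Read the sysctl; returns -1 when the running kernel does not expose it. */
int read_protected_regular(void)
{
    int level = -1;
    FILE *f = fopen("/proc/sys/fs/protected_regular", "r");
    if (f) {
        if (fscanf(f, "%d", &level) != 1)
            level = -1;
        fclose(f);
    }
    return level;
}

int main(int argc, char **argv)
{
    struct stat dir, file;
    if (argc != 3 || stat(argv[1], &dir) != 0 || stat(argv[2], &file) != 0) {
        fprintf(stderr, "usage: %s <directory> <existing-file>\n", argv[0]);
        return 2;
    }
    int level = read_protected_regular();
    /* Assumption: geteuid() stands in for the fsuid the kernel compares. */
    int blocked = creat_open_blocked(level, dir.st_mode, dir.st_uid,
                                     file.st_mode, file.st_uid, geteuid());
    printf("fs.protected_regular=%d: O_CREAT open %s\n", level,
           blocked ? "would get EACCES" : "is not restricted");
    return blocked;
}
```

The rule contains no exemption for uid 0 as the opener, which is why root is refused in the transcript while the same open without `O_CREAT` succeeds.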

