Bug#954230: libc6: In a sticky directory root cannot write to files owned by normal users
It seems the difference lies in the handling of O_CREAT.
# ls -ldn /var/tmp /var/tmp/hello
drwxrwxrwt 4 0 0 183 Apr 18 10:37 /var/tmp
-rw-rw-r-- 1 1002 1002 14 Apr 18 10:37 /var/tmp/hello
# echo 'howdy' >>/var/tmp/hello
bash: /var/tmp/hello: Permission denied
# cat /var/tmp/hello
hello, world!
# strace -f sh -c "echo 'howdy' >>/var/tmp/hello" 2>&1 | grep /var/tmp/hello | grep openat
openat(AT_FDCWD, "/var/tmp/hello", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EACCES (Permission denied)
Same permission problem with perl sysopen:
# strace -f -e trace=file 2>&1 perl -e 'use Fcntl; sysopen(my $fh, "/var/tmp/hello", O_WRONLY|O_CREAT|O_APPEND); print $fh "howdy\n"; close $fh;' | grep /var/tmp/hello
openat(AT_FDCWD, "/var/tmp/hello", O_WRONLY|O_CREAT|O_APPEND|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)
But success when leaving out O_CREAT (also removes the creation umask argument in the openat call):
# strace -f -e trace=file 2>&1 perl -e 'use Fcntl; sysopen(my $fh, "/var/tmp/hello", O_WRONLY|O_APPEND); print $fh "howdy\n"; close $fh;' | grep /var/tmp/hello
openat(AT_FDCWD, "/var/tmp/hello", O_WRONLY|O_APPEND|O_CLOEXEC) = 3
# ls -ldn /var/tmp/hello
-rw-rw-r-- 1 1002 1002 20 Apr 18 11:51 /var/tmp/hello
# cat /var/tmp/hello
hello, world!
howdy
Regards
Matthias Ferdinand