Re: Where to report: root fails to edit other users file in sticky bit directory

To: debian-user@lists.debian.org
Subject: Re: Where to report: root fails to edit other users file in sticky bit directory
From: Greg Wooledge <wooledg@eeg.ccf.org>
Date: Tue, 8 Dec 2020 16:03:49 -0500
Message-id: <[🔎] 20201208210349.GJ915@eeg.ccf.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 81cc772c-3a64-ece0-ac0c-01f944b0862c@dietpi.com>
References: <[🔎] 6c81b4e5-3474-1ac3-8382-9c97f4c158e1@dietpi.com> <[🔎] 4328be31-d3f5-8048-e371-9ced48598bfb@dietpi.com> <[🔎] 20201208155522.GB7697@tuxteam.de> <[🔎] 4cce2f32-f799-87e3-26ae-55a6bff5a01b@dietpi.com> <[🔎] 20201208164852.GC7697@tuxteam.de> <[🔎] 57ae0954-e914-91f6-87b0-93b861afd2cc@dietpi.com> <[🔎] 20201208174038.GD7697@tuxteam.de> <[🔎] 20201208182016.GH915@eeg.ccf.org> <[🔎] 81cc772c-3a64-ece0-ac0c-01f944b0862c@dietpi.com>

On Tue, Dec 08, 2020 at 09:50:32PM +0100, MichaIng wrote:
> And, root should IMO still be allowed to do it, as practically it can anyway
> via chown. root can as well remove any file, regardless of sticky bit, so
> this would be consistent.

Unexpected clobberin' by root is the actual *worst* case that this
security feature is trying to protect against.  Imagine this hypothetical
scenario:

1) Process A running as regular user alice creates a temp file in /tmp,
   owned by alice.

2) Dumb process B running as root decides to use the exact same temp file
   name that A is using.  It opens the file naively, and writes some
   stuff to it, intending to read it back later.

3) Process A rewinds the file and writes new stuff to it.

4) Process B reads process A's data from the file, thinking it was going
   to read its own data.

5) Process B calculates the wrong thing, and turns off the life support
   system.

I don't know how realistic this is, or how closely it mirrors the thought
processes of the people who came up with the modification.  But if you're
going to make this modification at all, it needs to affect root, or else
it's pointless.

Your unique situation, where user A is putting a file in /tmp for some
reason, and then user R is supposed to edit it in place, is really weird.
I don't know why you're putting this important shared file in /tmp, but
you might want to move it to a more appropriate place.

Reply to:

Follow-Ups:
- Re: Where to report: root fails to edit other users file in sticky bit directory
  - From: MichaIng <micha@dietpi.com>

References:
- Where to report: root fails to edit other users file in sticky bit directory
  - From: MichaIng <micha@dietpi.com>
- Re: Where to report: root fails to edit other users file in sticky bit directory
  - From: MichaIng <micha@dietpi.com>
- Re: Where to report: root fails to edit other users file in sticky bit directory
  - From: <tomas@tuxteam.de>
- Re: Where to report: root fails to edit other users file in sticky bit directory
  - From: MichaIng <micha@dietpi.com>
- Re: Where to report: root fails to edit other users file in sticky bit directory
  - From: <tomas@tuxteam.de>
- Re: Where to report: root fails to edit other users file in sticky bit directory
  - From: MichaIng <micha@dietpi.com>
- Re: Where to report: root fails to edit other users file in sticky bit directory
  - From: <tomas@tuxteam.de>
- Re: Where to report: root fails to edit other users file in sticky bit directory
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Where to report: root fails to edit other users file in sticky bit directory
  - From: MichaIng <micha@dietpi.com>

Prev by Date: Re: Where to report: root fails to edit other users file in sticky bit directory
Next by Date: Re: SanDisk USB stick problem
Previous by thread: Re: Where to report: root fails to edit other users file in sticky bit directory
Next by thread: Re: Where to report: root fails to edit other users file in sticky bit directory
Index(es):
- Date
- Thread