From: bugzilla-daemon@bugzilla.kernel.org
To: linux-ext4@vger.kernel.org
Subject: [Bug 60676] Stat system call gives permission denied to root for links under a sticky bit
Date: Thu, 01 Aug 2013 15:55:00 +0000 [thread overview]
Message-ID: <bug-60676-13602-4tfhYrgx4e@https.bugzilla.kernel.org/> (raw)
In-Reply-To: <bug-60676-13602@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=60676
--- Comment #1 from Theodore Tso <tytso@mit.edu> ---
On Thu, Aug 01, 2013 at 03:02:36PM +0000, bugzilla-daemon@bugzilla.kernel.org
wrote:
>
> If a directory has a sticky bit set, root cannot use anything that makes the
> stat system call on any of the links there.
>
> Example:
> > $ ls -ld /tmp/
> > drwxrwxrwt 17 root root 4825088 Aug 1 10:50 /tmp/
> > $ mkdir /tmp/testdir
> > $ touch /tmp/testdir/testfile
> > $ ln -s /tmp/testdir/ /tmp/testlink
> > $ ls /tmp/testlink/
> > testfile
> > $ su
> > # ls /tmp/testlink
> ls: cannot access /tmp/testlink: Permission denied
> > # ls /tmp/testdir
> > testfile
Works for me:
<tytso.root@lambda> {/tmp}, level 2
509# ls -aldg /tmp
0 drwxrwxrwt 18 root 1840 Aug 1 11:10 /tmp/
<tytso.root@lambda> {/tmp}, level 2
510# stat /tmp/testdir
File: tmp/testdir'
Size: 60 Blocks: 0 IO Block: 4096 directory
Device: 12h/18d Inode: 3290419 Links: 2
Access: (0700/drwx------) Uid: (15806/ tytso) Gid: (15806/ tytso)
Access: 2013-08-01 11:10:01.141462969 -0400
Modify: 2013-08-01 11:09:53.301463057 -0400
Change: 2013-08-01 11:10:51.261462406 -0400
Birth: -
<tytso.root@lambda> {/tmp}, level 2
511# stat /tmp/testfile
File: tmp/testfile' -> stdir/testfile'
Size: 16 Blocks: 0 IO Block: 4096 symbolic link
Device: 12h/18d Inode: 3288475 Links: 1
Access: (0777/lrwxrwxrwx) Uid: (15806/ tytso) Gid: (15806/ tytso)
Access: 2013-08-01 11:10:04.701462929 -0400
Modify: 2013-08-01 11:10:03.691462941 -0400
Change: 2013-08-01 11:10:03.691462941 -0400
Birth: -
<tytso.root@lambda> {/tmp}, level 2
512# uname -a
Linux lambda 3.11.0-rc2-00261-g316da4e #50 SMP Fri Jul 26 08:41:29 EDT 2013
x86_64 GNU/Linux
<tytso.root@lambda> {/tmp}, level 2
513#
I suspect you are using SELinux? (You have a security problem. So
you install SELinux; now you have 6+ megabytes worth of problems when
you try to decipher the SELinux policy definitions. :-)
- Ted
--
You are receiving this mail because:
You are watching the assignee of the bug.
next prev parent reply other threads:[~2013-08-01 15:55 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-01 15:02 [Bug 60676] New: Stat system call gives permission denied to root for links under a sticky bit bugzilla-daemon
2013-08-01 15:55 ` bugzilla-daemon [this message]
2013-08-01 18:19 ` [Bug 60676] " bugzilla-daemon
2013-08-01 18:21 ` [Bug 60676] New: " Christoph Hellwig
2013-08-02 0:44 ` Theodore Ts'o
2013-08-02 0:44 ` [Bug 60676] " bugzilla-daemon
2013-08-02 3:16 ` jon ernst
2013-08-02 14:34 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-60676-13602-4tfhYrgx4e@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).