[RFC v2 0/2] Restrict dangerous open in sticky directories
From: Salvatore Mesoraca
Date: Tue Sep 26 2017 - 10:15:41 EST
This patch-set introduces two separate features aimed at restricting
dangerous open in world or group writable sticky directories.
The purpose is to prevent exploitable bugs in user-space programs
that don't access sticky directories in the proper way.
The first patch prevents the O_CREAT open of FIFOs and regular files
in world or group writable sticky directories if they already exists
and are owned by someone else.
The second patch prevents O_CREAT open in world or group writable
sticky when the O_EXCL flag is not set, even if the file doesn't
exist yet.
More details can be found in respective commit messages.
Salvatore Mesoraca (2):
Protected FIFOs and regular files
Protected O_CREAT open in sticky directory
Documentation/sysctl/fs.txt | 66 +++++++++++++++++++++++++
fs/namei.c | 118 ++++++++++++++++++++++++++++++++++++++++++--
include/linux/fs.h | 3 ++
kernel/sysctl.c | 27 ++++++++++
4 files changed, 211 insertions(+), 3 deletions(-)
--
1.9.1