[PATCH v3 0/2] Restrict dangerous open in sticky directories

From: Salvatore Mesoraca
Date: Wed Nov 22 2017 - 03:02:28 EST

This patch-set introduces two separate features aimed at restricting
dangerous open in world or group writable sticky directories.
The purpose is to prevent exploitable bugs in user-space programs
that don't access sticky directories in the proper way.
The first patch prevents the O_CREAT open of FIFOs and regular files
in world or group writable sticky directories, if they already exists
and are owned by someone else.
The second patch prevents O_CREAT open in world or group writable
sticky when the O_EXCL flag is not set, even if the file doesn't
exist yet.
More details can be found in the respective commit messages.

Changes in v3:
- Fixed format string for uid_t that is unsigned
(suggested by Jann Horn).
- Stop checking if file's and parent dir's owners match in
may_create_no_excl. This will allow to discover potential
vulnerabilities more easily.

Salvatore Mesoraca (2):
Protected FIFOs and regular files
Protected O_CREAT open in sticky directories

Documentation/sysctl/fs.txt | 66 +++++++++++++++++++++++++
fs/namei.c | 117 ++++++++++++++++++++++++++++++++++++++++++--
include/linux/fs.h | 3 ++
kernel/sysctl.c | 27 ++++++++++
4 files changed, 210 insertions(+), 3 deletions(-)