Date: Fri, 14 Nov 2008 09:54:45 +0000
From: David Malone <dwmalone@maths.tcd.ie>
To: Nate Eldredge <neldredge@math.ucsd.edu>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Unprivileged user can't set sticky bit on a file; why?
Message-ID: <20081114095445.GA69339@walton.maths.tcd.ie>
In-Reply-To: <Pine.GSO.4.64.0811132245120.1597@zeno.ucsd.edu>
References: <Pine.GSO.4.64.0811132245120.1597@zeno.ucsd.edu>

On Thu, Nov 13, 2008 at 11:05:21PM -0800, Nate Eldredge wrote:
> since root is able to do it. src/sys/ufs/ufs/ufs_vnops.c has the
> following comment:
>
>     /*
>      * Privileged processes may set the sticky bit on non-directories,
>      * as well as set the setgid bit on a file with a group that the
>      * process is not a member of. Both of these are allowed in
>      * jail(8).
>      */
>
> but does not explain why unprivileged process should be forbidden to set
> the sticky bit.

I'm guessing a little, but this check has been there since the first
revision of ufs_vnops.c in FreeBSD, see:

    http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/ufs/ufs/ufs_vnops.c?annotate=1.1

line 424. When this was imported, there was still a call to
vnode_pager_uncache based on the sticky bit a few lines down. This
may explain why the check was there at the time - it was to stop
ordinary users giving hints to the pager system.

    David.