From owner-freebsd-hackers@FreeBSD.ORG  Fri Nov 14 09:54:49 2008
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 34A361065677
	for <freebsd-hackers@freebsd.org>; Fri, 14 Nov 2008 09:54:49 +0000 (UTC)
	(envelope-from dwmalone@maths.tcd.ie)
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie
	[IPv6:2001:770:10:300::86e2:510b])
	by mx1.freebsd.org (Postfix) with SMTP id 81F918FC12
	for <freebsd-hackers@freebsd.org>; Fri, 14 Nov 2008 09:54:48 +0000 (UTC)
	(envelope-from dwmalone@maths.tcd.ie)
Received: from walton.maths.tcd.ie ([134.226.81.10] helo=walton.maths.tcd.ie)
	by salmon.maths.tcd.ie with SMTP id <aa15885@salmon>;
	14 Nov 2008 09:54:46 +0000 (GMT)
Date: Fri, 14 Nov 2008 09:54:45 +0000
From: David Malone <dwmalone@maths.tcd.ie>
To: Nate Eldredge <neldredge@math.ucsd.edu>
Message-ID: <20081114095445.GA69339@walton.maths.tcd.ie>
References: <Pine.GSO.4.64.0811132245120.1597@zeno.ucsd.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.64.0811132245120.1597@zeno.ucsd.edu>
User-Agent: Mutt/1.5.6i
Sender: dwmalone@maths.tcd.ie
Cc: freebsd-hackers@freebsd.org
Subject: Re: Unprivileged user can't set sticky bit on a file; why?
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Nov 2008 09:54:49 -0000

On Thu, Nov 13, 2008 at 11:05:21PM -0800, Nate Eldredge wrote:
> since root is able to do it.  src/sys/ufs/ufs/ufs_vnops.c has the 
> following comment:
> 
>         /*
>          * Privileged processes may set the sticky bit on non-directories,
>          * as well as set the setgid bit on a file with a group that the
>          * process is not a member of.  Both of these are allowed in
>          * jail(8).
>          */
> 
> but does not explain why unprivileged process should be forbidden to set 
> the sticky bit.

I'm guessing a little, but this check has been there since the first
revision of ufs_vnops.c in FreeBSD, see:

	http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/ufs/ufs/ufs_vnops.c?annotate=1.1

line 424. When this was imported, there was still a call to
vnode_pager_uncache based on the sticky bit a few lines down. This
may explain why the check was there at the time - it was to stop
ordinary users giving hints to the pager system.

	David.