[RndTbl] creat() fails on non-root owned file when stickybit set on dir (tcsh) (new kernel bug?)
Trevor Cordes
trevor at tecnopolis.ca
Mon Dec 30 23:57:37 CST 2019
After much kernel bisecting by me that yielded nothing of value, it
turns out the bug isn't the kernel, it's a change in Fedora's default
sysctl.conf settings between F29 and F30 that enable a new-ish kernel
"feature". The "feature" turns on this behavior.

Thanks to Andrew Morton and especially Al Viro for figuring this out
for me as I'm pretty sure a sysctl of some obscure feature would have
been the last place I would have looked!

The solution is:

    echo 0 >> /proc/sys/fs/protected_regular

The new feature is (and it may be systemd deciding this):

* The fs.protected_regular and fs.protected_fifos sysctls, which were
  added in Linux 4.19 to make some data spoofing attacks harder, are
  now enabled by default. While this will hopefully improve the
  security of most installations, it is technically a backwards
  incompatible change; to disable these sysctls again, place the
  following lines in /etc/sysctl.d/60-protected.conf or a similar file:

      fs.protected_regular = 0
      fs.protected_fifos = 0

The bz is:
https://bugzilla.kernel.org/show_bug.cgi?id=205727
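
Added example, not part of the original message and not kernel code: a shell model of the rule fs.protected_regular applies to open(O_CREAT) on an existing regular file, following the kernel's sysctl documentation (1 covers world-writable sticky directories, 2 also group-writable ones). The function names create_blocked and check_path are this example's own, and check_path assumes GNU stat.

```shell
#!/bin/sh
# Added example: models the sticky-directory O_CREAT check controlled by
# fs.protected_regular. Returns 0 if open(O_CREAT) on an existing regular
# file would be refused (EACCES), 1 otherwise.
# Arguments (names are this example's own):
#   $1 level       value of fs.protected_regular (0, 1 or 2)
#   $2 dir_mode    octal mode of the containing directory, e.g. 1777
#   $3 dir_uid     owner of the directory
#   $4 file_uid    owner of the existing file
#   $5 caller_uid  uid of the process calling creat()/open(O_CREAT)
# As modelled, uid 0 gets no exemption: root is refused like anyone else.
create_blocked() {
    level=$1; dir_mode=$((0$2)); dir_uid=$3; file_uid=$4; caller_uid=$5
    [ "$level" -ge 1 ] || return 1                   # protection disabled
    [ $((dir_mode & 01000)) -ne 0 ] || return 1      # directory not sticky
    [ "$file_uid" != "$dir_uid" ] || return 1        # file owned by dir owner
    [ "$file_uid" != "$caller_uid" ] || return 1     # caller owns the file
    [ $((dir_mode & 0002)) -ne 0 ] && return 0       # world-writable sticky dir
    # Level 2 extends the rule to group-writable sticky directories.
    [ "$level" -ge 2 ] && [ $((dir_mode & 0020)) -ne 0 ] && return 0
    return 1
}

# Apply the model to a real path for a given caller uid, using the live
# sysctl value (treated as 0 if /proc/sys/fs/protected_regular is absent).
check_path() {
    file=$1; caller_uid=$2
    [ -f "$file" ] || return 1       # only existing regular files are covered
    dir=$(dirname -- "$file")
    level=$(cat /proc/sys/fs/protected_regular 2>/dev/null || echo 0)
    create_blocked "$level" "$(stat -c %a -- "$dir")" "$(stat -c %u -- "$dir")" \
        "$(stat -c %u -- "$file")" "$caller_uid"
}
```

For example, `check_path /tmp/somefile 0` reports whether root would be refused on a hypothetical file /tmp/somefile under the current setting.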