| 1 |
On Fri, Mar 11, 2022 at 7:59 AM Neil Bothwick <neil@××××××××××.uk> wrote: |
| 2 |
> |
| 3 |
> On Fri, 11 Mar 2022 12:38:48 +0100, Dr Rainer Woitok wrote: |
| 4 |
> |
| 5 |
> > No. My "/tmp/" directory is not mounted at all, it is just a genuine |
| 6 |
> > directory in "/". And that root CAN overwrite a file it doesn't own in |
| 7 |
> > other directories, is due to most directories not having the sticky bit |
| 8 |
> > set (which is a (wanted) particularity of "/tmp/" and "/var/tmp/", in |
| 9 |
> > that it prevents normal users from (re)moving other people's files): |
| 10 |
> |
| 11 |
> It's not the sticky bit per se from what I've read, but the new default |
| 12 |
> prevents root from overwriting a file if the file and the directory |
| 13 |
> containing it have different owners. In most cases, the file has the same |
| 14 |
> directory as the owner so this does not happen, but the sticky bit allows |
| 15 |
> users that don't own the directory to create files in it. |
| 16 |
> |
| 17 |
> |
| 18 |
> -- |
| 19 |
> Neil Bothwick |
| 20 |
> |
| 21 |
> Assassins do it from behind. |
| 22 |
|
| 23 |
Is this related to the 'dirty pipe' vulnerability that has been in the |
| 24 |
news of late and has gotten patched in most distros in the last few |
| 25 |
days? |
| 26 |
|
| 27 |
- Mark |
Archives