Unprivileged user can't set sticky bit on a file; why?
David Malone
dwmalone at maths.tcd.ie
Fri Nov 14 01:54:49 PST 2008
On Thu, Nov 13, 2008 at 11:05:21PM -0800, Nate Eldredge wrote:
> since root is able to do it. src/sys/ufs/ufs/ufs_vnops.c has the
> following comment:
>
> /*
> * Privileged processes may set the sticky bit on non-directories,
> * as well as set the setgid bit on a file with a group that the
> * process is not a member of. Both of these are allowed in
> * jail(8).
> */
>
> but does not explain why unprivileged process should be forbidden to set
> the sticky bit.

I'm guessing a little, but this check has been there since the first
revision of ufs_vnops.c in FreeBSD, see:

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/ufs/ufs/ufs_vnops.c?annotate=1.1

line 424. When this was imported, there was still a call to
vnode_pager_uncache based on the sticky bit a few lines down. This
may explain why the check was there at the time - it was to stop
ordinary users giving hints to the pager system.

David.