Re: Subject: Re: ext3 to include capabilities?

Richard Gooch (rgooch@atnf.csiro.au)
Sat, 3 Apr 1999 21:38:49 +1000

Albert D. Cahalan writes:
> Rogier Wolff writes:
> > Albert D. Cahalan wrote:
>
> >> Oh my, do we have a bug? The sticky bit is normally for root only.
> >> Here is Digital UNIX:
> >
> > That is because the sticky bit is "old fashioned". It used to be used
> ...
> > On directories, a second meaning was assigned for this bit. This is
> > not privileged.
>
> I know what it was and is used for. I think we have a bug.
> As you can see below, Digital UNIX _does_ let a normal user
> set the sticky bit on a directory:
>
> $ md bits
> $ chmod 7777 bits
> $ ls -ld bits
> drwsrwsrwt 2 acahalan acahalan 512 Apr 3 06:05 bits
>
> Normal behavior seems to be:
>
> regular file: only root can set the sticky bit

True for SunOS, Solaris and IRIX. Not true for Linux.

Because setting the sticky bit for regular files isn't universally
enforced, we can't overload it for capabilities. Fixing kernel 2.2.6
and 2.0.37 won't do, because there could be many filesystems which
have existing files with the sticky bit set. You could pre-emptively
create a capabilities header on existing systems.

Telling the sysadmin to purge the sticky bit on all files is not an
option, because those who don't know about this will be exposed to
lusers. Besides, there would be a need to audit backup tapes and so
on. It's a mess.

Regards,

Richard....

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/