This patch-set introduces two separate features aimed at restricting dangerous open in world or group writable sticky directories. The purpose is to prevent exploitable bugs in user-space programs that don't access sticky directories in the proper way. The first patch prevents the O_CREAT open of FIFOs and regular files in world or group writable sticky directories if they already exists and are owned by someone else. The second patch prevents O_CREAT open in world or group writable sticky when the O_EXCL flag is not set, even if the file doesn't exist yet. More details can be found in respective commit messages. Salvatore Mesoraca (2): Protected FIFOs and regular files Protected O_CREAT open in sticky directory Documentation/sysctl/fs.txt | 66 +++++++++++++++++++++++++ fs/namei.c | 118 ++++++++++++++++++++++++++++++++++++++++++-- include/linux/fs.h | 3 ++ kernel/sysctl.c | 27 ++++++++++ 4 files changed, 211 insertions(+), 3 deletions(-) -- 1.9.1
