2017-11-24 11:53 GMT+01:00 David Laight <David.Laight@xxxxxxxxxx>: > From: Alan Cox >> Sent: 22 November 2017 16:52 >> >> On Wed, 22 Nov 2017 09:01:46 +0100 >> Salvatore Mesoraca <s.mesoraca16@xxxxxxxxx> wrote: >> >> > Disallows O_CREAT open missing the O_EXCL flag, in world or >> > group writable directories, even if the file doesn't exist yet. >> > With few exceptions (e.g. shared lock files based on flock()) >> >> Enough exceptions to make it a bad idea. >> >> Firstly if you care this much *stop* having shared writable directories. >> We have namespaces, you don't need them. You can give every user their >> own /tmp etc. > > Looks like a very bad idea to me as well. > > Doesn't this stop all shell redirects into a shared /tmp ? > I'm pretty sure most programs use O_CREAT | O_TRUNC for output > files - they'll all stop working. If some program does such a thing, that's a potential vulnerability. With "protected_hardlinks" you are, in most cases, safe. But, still, that program has a bug and having this feature enabled will help you notice it soon. For that matter, I'm using this patch on my system and I don't have any program behaving like this. > If there are some directories where you need to force O_EXCL you > need to make it a property of the directory, not the kernel. > > David >
