On Sun, May 30, 2010 at 08:04:02PM -0700, Kees Cook wrote: > - Violates POSIX. > - POSIX didn't consider this situation and it's not useful to follow > a broken specification at the cost of security. POSIX allows implementations to fail requested operations with a permission denied for reasons beyond that which is specified by the POSIX implementation. Indeed, POSIX doesn't specify the sticky bit at all, so implementations that implemented the sticky bit were able to pass POSIX precisely because it's OK to provide stricter semantics than that which is specified by POSIX. (The sticky bit is specified in the XSI exstension to the Single Unix Specification, but the same principle applies; it's OK for us have additional situations where we return EACCESS beyond that which was contemplated by POSIX/SUS; this alone wouldn't cause us to 'violate POSIX'.) So for people who to argue against this (which I believe to be a useful restriction, and not one that necessarily has to be done in a LSM), it's not sufficient to say that it is a POSIX violation, because it isn't. The sticky bit itself wasn't originally considered by POSIX, and many systems which implemented the sticky bit had no problems becoming ceritifed as POSIX compliant. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
