Unlinking objects in a directory with sticky bit set
Matthew Dillon
dillon at apollo.backplane.com
Sun May 3 23:25:30 PDT 2009
The problem is even worse. rename() doesn't check directory perms
at all for the source directory on a HAMMER filesystem (because HAMMER
depends on the kernel to make the checks and doesn't do them itself).
I blew it.
That's a huge gaping security hole so we are going to have to
roll a 2.2.2 this week to correct it.
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Bugs
mailing list