RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 17:12:43 +00:00
Code Issues Activity Actions

Kernel: Don't allow non-root, non-owners to rmdir any child of sticky

Browse source 
We were not handling sticky parents properly in sys$rmdir(). Child
directories of a sticky parent should not be rmdir'able by just anyone.
Only the owner and root.

Fixes #4875.
This commit is contained in:
Andreas Kling 2021-01-10 10:12:15 +01:00
parent f35a723f61
commit 795bccbf69
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Kernel/FileSystem/VirtualFileSystem.cpp
View file

@ -750,10 +750,16 @@ KResult VFS::rmdir(StringView path, Custody& base)
return KResult(-EBUSY); return KResult(-EBUSY);
auto& parent_inode = parent_custody->inode(); auto& parent_inode = parent_custody->inode();
auto parent_metadata = parent_inode.metadata();
if (!parent_inode.metadata().may_write(*Process::current())) if (!parent_metadata.may_write(*Process::current()))
return KResult(-EACCES); return KResult(-EACCES);
if (parent_metadata.is_sticky()) {
if (!Process::current()->is_superuser() && inode.metadata().uid != Process::current()->euid())
return KResult(-EACCES);
}
KResultOr<size_t> dir_count_result = inode.directory_entry_count(); KResultOr<size_t> dir_count_result = inode.directory_entry_count();
if (dir_count_result.is_error()) if (dir_count_result.is_error())
return dir_count_result.result(); return dir_count_result.result();