author | Michael Kerrisk <mtk.manpages@gmail.com> | 2020-04-13 12:17:39 +0200 |
---|---|---|
committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2020-04-13 12:27:48 +0200 |
commit | 7dcb9d213a42047de434dea5778073f2fa34e62c (patch) | |
tree | a76dda6852b8a9fac60fda04a19f0a2429954d18 /man5 | |
parent | 43c257eaf354d153d42eceadad64075b4695abbd (diff) | |
download | man-pages-7dcb9d213a42047de434dea5778073f2fa34e62c.tar.gz |
proc.5: Document /proc/sys/fs/protected_fifos
Text heavily based on Documentation/admin-guide/sysctl/fs.rst.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man5')
-rw-r--r-- | man5/proc.5 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/man5/proc.5 b/man5/proc.5 index a1ae0ac181..9cdec71987 100644 --- a/man5/proc.5 +++ b/man5/proc.5 @@ -4597,6 +4597,28 @@ See See .BR pipe (7). .TP +.IR /proc/sys/fs/protected_fifos " (since Linux 4.19)" +The value in this file is/can be set to one of the following: +.RS +.TP 4 +0 +Writing to FIFOs is unrestricted. +.TP +1 +Don't allow +.B O_CREAT +.BR open (2) +on FIFOs that the caller doesn't own in world-writable sticky directories, +unless the FIFO is owned by the owner of the directory. +.TP +2 +As for the value 1, +but the restriction also applies to group-writable sticky directories. +.RE +.IP +The intent of the above protections is to avoid unintentional writes to an +attacker-controlled FIFO when a program expected to create a regular file. +.TP .IR /proc/sys/fs/protected_hardlinks " (since Linux 3.6)" .\" commit 800179c9b8a1e796e441674776d11cd4c05d61d7 When the value in this file is 0, |
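Review bot: The entries for values 1 and 2 say the `O_CREAT` `open(2)` is not allowed but never say how the call fails, so a reader debugging a denied open in a sticky directory cannot match the error they see to this setting; consider naming the error returned, with a cross-reference to open(2). Two smaller points in the same hunk: the opening line "The value in this file is/can be set to one of the following:" reads as an unresolved draft alternative and would be clearer as a single verb, and the neighbouring `protected_hardlinks` entry carries a `.\" commit ...` comment identifying the kernel change, while the new `protected_fifos` entry has no equivalent, which makes the "since Linux 4.19" claim harder to verify later. The description of value 0 ("Writing to FIFOs is unrestricted.") is also phrased in terms of writing, whereas values 1 and 2 are phrased in terms of opening with `O_CREAT`; using the same framing for all three would make it clear they describe one check.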