mirror of https://github.com/mkerrisk/man-pages
proc.5: Document /proc/sys/fs/protected_fifos
Text heavily based on Documentation/admin-guide/sysctl/fs.rst.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
43c257eaf3
commit
7dcb9d213a
22
man5/proc.5
|
@ -4597,6 +4597,28 @@ See
|
|||
See
|
||||
.BR pipe (7).
|
||||
.TP
|
||||
.IR /proc/sys/fs/protected_fifos " (since Linux 4.19)"
|
||||
The value in this file is/can be set to one of the following:
|
||||
.RS
|
||||
.TP 4
|
||||
0
|
||||
Writing to FIFOs is unrestricted.
|
||||
.TP
|
||||
1
|
||||
Don't allow
|
||||
.B O_CREAT
|
||||
.BR open (2)
|
||||
on FIFOs that the caller doesn't own in world-writable sticky directories,
|
||||
unless the FIFO is owned by the owner of the directory.
|
||||
.TP
|
||||
2
|
||||
As for the value 1,
|
||||
but the restriction also applies to group-writable sticky directories.
|
||||
.RE
|
||||
.IP
|
||||
The intent of the above protections is to avoid unintentional writes to an
|
||||
attacker-controlled FIFO when a program expected to create a regular file.
|
||||
.TP
|
||||
.IR /proc/sys/fs/protected_hardlinks " (since Linux 3.6)"
|
||||
.\" commit 800179c9b8a1e796e441674776d11cd4c05d61d7
|
||||
When the value in this file is 0,
|
||||
|
|
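Review bot: The introductory line of the new protected_fifos entry reads "The value in this file is/can be set to one of the following:", which looks like an unresolved draft choice; settle on one form, for example "The value in this file is one of the following:". The item for 0 says "Writing to FIFOs is unrestricted" while the items for 1 and 2 restrict O_CREAT open(2), so phrasing 0 in terms of open(2) as well would keep the three items parallel and avoid suggesting that write access itself is gated. The entry does not say which error the refused open(2) fails with, which is what a reader debugging a failed open in a sticky directory will look for. Unlike the protected_hardlinks entry that follows, the new entry carries no `.\" commit` comment naming the kernel commit that introduced the file.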