proc.5: Document /proc/sys/fs/protected_fifos

Text heavily based on Documentation/admin-guide/sysctl/fs.rst. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-04-13 12:17:39 +02:00 · 2020-04-13 12:17:39 +02:00 · 7dcb9d213a
parent 43c257eaf3
commit 7dcb9d213a
1 changed files with 22 additions and 0 deletions
--- a/man5/proc.5
+++ b/man5/proc.5
@ -4597,6 +4597,28 @@ See
 See
 .BR pipe (7).
 .TP
+.IR /proc/sys/fs/protected_fifos " (since Linux 4.19)"
+The value in this file is/can be set to one of the following:
+.RS
+.TP 4
+0
+Writing to FIFOs is unrestricted.
+.TP
+1
+Don't allow
+.B O_CREAT
+.BR open (2) 
+on FIFOs that the caller doesn't own in world-writable sticky directories,
+unless the FIFO is owned by the owner of the directory.
+.TP
+2
+As for the value 1,
+but the restriction also applies to group-writable sticky directories.
+.RE
+.IP
+The intent of the above protections is to avoid unintentional writes to an
+attacker-controlled FIFO when a program expected to create a regular file.
+.TP
 .IR /proc/sys/fs/protected_hardlinks " (since Linux 3.6)"
 .\" commit 800179c9b8a1e796e441674776d11cd4c05d61d7
 When the value in this file is 0,