os: Mkdir and OpenFile permission inconsistency on BSD when using sticky bit #23120

Closed
matthijskooijman opened this issue Dec 13, 2017 · 1 comment
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
matthijskooijman commented Dec 13, 2017

From review of the code, I found an issue with Mkdir and OpenFile on the BSD platforms. Both functions contain an exception on these platforms when the sticky bit is set in the permissions passed:

go/src/os/file.go

Lines 220 to 223 in 8776be1

```go
// mkdir(2) itself won't handle the sticky bit on *BSD and Solaris
if !supportsCreateWithStickyBit && perm&ModeSticky != 0 {
	Chmod(name, perm)
}
```

go/src/os/file_unix.go

Lines 159 to 163 in 8776be1

```go
if !supportsCreateWithStickyBit && flag&O_CREATE != 0 && perm&ModeSticky != 0 {
	if _, err := Stat(name); IsNotExist(err) {
		chmod = true
	}
}
```

Normally, the permissions of the created file or directory are influenced using the umask.
But these exceptions mean that, on BSD platforms, an explicit Chmod happens using the passed permissions, completely bypassing umask. This is at least inconsistent and surprising, and could be a security problem in some cases.
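The effect described above can be reproduced on any Unix system with the following added example, which is not part of the original issue or of the Go source. It stands in for a kernel whose mkdir(2) drops the sticky bit by stripping the bit before `Mkdir`; `chmodPerm`, `addSticky` and `resultingMode` are hypothetical names, and `addSticky` is one umask-respecting alternative, not necessarily what the eventual fix does.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// chmodPerm mirrors the quoted pattern: chmod(2) with the caller's perm, no umask.
func chmodPerm(name string, perm os.FileMode) error { return os.Chmod(name, perm) }

// addSticky (hypothetical alternative) keeps the mode mkdir(2) produced,
// which is already masked, and adds only the sticky bit.
func addSticky(name string, _ os.FileMode) error {
	fi, err := os.Stat(name)
	if err != nil {
		return err
	}
	return os.Chmod(name, fi.Mode()|os.ModeSticky)
}

// resultingMode creates a directory under the given umask, applies fixup,
// and returns the permission and sticky bits found on disk (Unix only).
func resultingMode(fixup func(string, os.FileMode) error, umask int, perm os.FileMode) (os.FileMode, error) {
	dir, err := os.MkdirTemp("", "sticky-umask")
	if err != nil {
		return 0, err
	}
	defer os.RemoveAll(dir)
	defer syscall.Umask(syscall.Umask(umask)) // set now, restore on return
	name := dir + "/d"
	// Constructed stand-in for a kernel whose mkdir(2) drops the sticky bit.
	if err := os.Mkdir(name, perm&^os.ModeSticky); err != nil {
		return 0, err
	}
	if err := fixup(name, perm); err != nil {
		return 0, err
	}
	fi, err := os.Stat(name)
	if err != nil {
		return 0, err
	}
	return fi.Mode() & (os.ModePerm | os.ModeSticky), nil
}

func main() {
	for _, f := range []func(string, os.FileMode) error{chmodPerm, addSticky} {
		fmt.Println(resultingMode(f, 027, 0777|os.ModeSticky))
	}
}
```

With umask 027 and a requested mode of 01777, the first variant leaves the directory world-writable while the second leaves it at 01750.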

@ianlancetaylor ianlancetaylor changed the title Mkdir and OpenFile permission inconsistency on BSD when using sticky bit os: Mkdir and OpenFile permission inconsistency on BSD when using sticky bit Dec 13, 2017
@ianlancetaylor ianlancetaylor added the NeedsFix The path to resolution is known, but the work has not been done. label Dec 13, 2017
@ianlancetaylor ianlancetaylor added this to the Go1.11 milestone Dec 13, 2017
@paulzhol paulzhol self-assigned this Dec 16, 2017
@gopherbot

Change https://golang.org/cl/84477 mentions this issue: os: respect umask in Mkdir and OpenFile on BSD systems when perm has ModeSticky set

@golang golang locked and limited conversation to collaborators Feb 23, 2019