Path: utzoo!attcan!uunet!husc6!bloom-beacon!mit-eddie!uw-beaver!tektronix!tekcrl!terryl From: terryl@tekcrl.CRL.TEK.COM Newsgroups: comp.bugs.misc Subject: Re: Bug in Ultrix 2.0:setting the sticky bit Keywords: tricky sticky Sun Message-ID: <2862@tekcrl.CRL.TEK.COM> Date: 26 Jul 88 00:08:04 GMT References: <552@philmds.UUCP> <241@pigs.UUCP> <3341@palo-alto.DEC.COM> <472@cf-cm.UUCP> <472@draken.nada.kth.se> Reply-To: terryl@tekcrl.CRL.TEK.COM Organization: Tektronix, Inc., Beaverton, OR. Lines: 38 In article <472@draken.nada.kth.se> zap@nada.kth.se (Svante Lindahl) writes: >[ Bug: anybody can create file with sticky-bit. > Leo de Wit found the bug under Ultrix 2.0. > Joe Bob Willie reports no bug on Plexus. > Paul Vixie finds bug on Ultrix 2.x, but it is not present on > the Ultrix 1.2 and 4.3BSD systems he tested. > Robert Evans says that SunOS 3.5 has it. ] > >I tested the following systems: >Pyramid OSx 4.0: Bug present >Sequent Dynix 3.0.4: Bug present >VAX 4.3BSD: Bug not present >VAX 4.3BSD+NFS (MtXinu): Bug present >Sun SunOS 3.4.2 Bug present > >All the systems were the bug has been found have NFS. None of the >systems that don't have the bug have NFS. Draw your own conclusions >from that. Perusing kernel sources, one can find (for 4.2/4.3 generic-type systems) the following code fragment(when creating a file for the FIRST time): .... = ....(arg&07777&(~ISVTX)); where .... is something to keep the ATT lawyers (and Berkeley's!!! (-:) off my back; ISVTX is the "sticky bit". So one can see that under generic 4.3 systems, no one (not even root) can create a file with the "sticky bit" set. Looking at kernel sources for an NFS machine, I found a similar code fragment, but without the corresponding ISVTX (actually, I found it with the fragment in, but the log specifically said it was a fix; earlier versions did NOT have the corresponding ISVTX fragment). So, from this information, I think it is safe to assume that it is a bug peculiar to NFS, and not 4.2/4.3 generic-type systems (which is strange, because the NFS code is VERY close to the generic 4.2/4.3 code; sounds like someone fat-fingered it....).