Kernel: Don't allow non-root, non-owners to rmdir any child of sticky

We were not handling sticky parents properly in sys$rmdir(). Child directories of a sticky parent should not be rmdir'able by just anyone. Only the owner and root. Fixes #4875.
author: Andreas Kling <kling@serenityos.org> 2021-01-10 10:12:15 +0100
committer: Andreas Kling <kling@serenityos.org> 2021-01-10 10:14:33 +0100
commit: 795bccbf697a805eaece48e1c554fc5fe1ab09fc (patch)
tree: 799237e499098314ee6797d57c49a310e13b76be
parent: f35a723f61c4a816b35a581de304ce031ef17151 (diff)
download: serenity-795bccbf697a805eaece48e1c554fc5fe1ab09fc.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp
index 29e69308f2..05910e0110 100644
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -750,10 +750,16 @@ KResult VFS::rmdir(StringView path, Custody& base)
         return KResult(-EBUSY);
 
     auto& parent_inode = parent_custody->inode();
+    auto parent_metadata = parent_inode.metadata();
 
-    if (!parent_inode.metadata().may_write(*Process::current()))
+    if (!parent_metadata.may_write(*Process::current()))
         return KResult(-EACCES);
 
+    if (parent_metadata.is_sticky()) {
+        if (!Process::current()->is_superuser() && inode.metadata().uid != Process::current()->euid())
+            return KResult(-EACCES);
+    }
+
     KResultOr<size_t> dir_count_result = inode.directory_entry_count();
     if (dir_count_result.is_error())
         return dir_count_result.result();
author	Andreas Kling <kling@serenityos.org>	2021-01-10 10:12:15 +0100
committer	Andreas Kling <kling@serenityos.org>	2021-01-10 10:14:33 +0100
commit	795bccbf697a805eaece48e1c554fc5fe1ab09fc (patch)
tree	799237e499098314ee6797d57c49a310e13b76be
parent	f35a723f61c4a816b35a581de304ce031ef17151 (diff)
download	serenity-795bccbf697a805eaece48e1c554fc5fe1ab09fc.zip