Kernel+Tests: Allow deleting someone else's file in my sticky directory

This should be allowed according to Dr. POSIX. :^)
author: Andreas Kling <kling@serenityos.org> 2022-12-19 19:32:31 +0100
committer: Andreas Kling <kling@serenityos.org> 2023-01-01 10:09:02 +0100
commit: 16f934474f8b10fcd26cd707b643aaa03dddd8f8 (patch)
tree: 849f950b13b1b4baf2f85d3c482eda1f17192794 /Kernel/FileSystem/VirtualFileSystem.cpp
parent: 47b9e8e6516d3608aca93426da6c42819c64d8e2 (diff)
download: serenity-16f934474f8b10fcd26cd707b643aaa03dddd8f8.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp
index fe0b827db2..98621c85ec 100644
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -868,8 +868,13 @@ ErrorOr<void> VirtualFileSystem::rmdir(Credentials const& credentials, StringVie
         return EACCES;
 
     if (parent_metadata.is_sticky()) {
-        if (!credentials.is_superuser() && inode.metadata().uid != credentials.euid())
+        // [EACCES] The S_ISVTX flag is set on the directory containing the file referred to by the path argument
+        //          and the process does not satisfy the criteria specified in XBD Directory Protection.
+        if (!credentials.is_superuser()
+            && inode.metadata().uid != credentials.euid()
+            && parent_metadata.uid != credentials.euid()) {
             return EACCES;
+        }
     }
 
     size_t child_count = 0;
author	Andreas Kling <kling@serenityos.org>	2022-12-19 19:32:31 +0100
committer	Andreas Kling <kling@serenityos.org>	2023-01-01 10:09:02 +0100
commit	16f934474f8b10fcd26cd707b643aaa03dddd8f8 (patch)
tree	849f950b13b1b4baf2f85d3c482eda1f17192794 /Kernel/FileSystem/VirtualFileSystem.cpp
parent	47b9e8e6516d3608aca93426da6c42819c64d8e2 (diff)
download	serenity-16f934474f8b10fcd26cd707b643aaa03dddd8f8.zip