[Bug 1176] Cannot set sticky bits via sftp

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Mar 24 03:16:02 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1176





------- Comment #1 from paulg at chiark.greenend.org.uk  2006-03-24 03:16 -------
It is not possible to set sticky bits via sftp due to the following code in the
process_setstat() function in sftp-server.c:

if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
    ret = chmod(name, a->perm & 0777);
    if (ret == -1)
        status = errno_to_portable(errno);
}

If the user has shell access then they can execute a chmod command via ssh to
get round this; therefore, even if there is a security reason for doing this, it
should at least be configurable. If there is a valid security reason for doing
this, it should be noted in the FAQ.

I found this while attempting to use sshfs, which uses sftp underneath.
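
The effect of the mask quoted in the comment above, as an added example that is not part of the original report and is not OpenSSH code: a scratch directory is asked for mode 01777 once through `& 0777` and once through `& 07777`, and the stored mode is read back. The helper names, the scratch path under /tmp and the 07777 comparison mask are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Apply chmod() through a caller-chosen mask, then read back the mode
 * bits the filesystem actually stored. Returns -1 on error. */
static long chmod_masked(const char *path, mode_t requested, mode_t mask)
{
    struct stat st;

    if (chmod(path, requested & mask) == -1)
        return -1;
    if (stat(path, &st) == -1)
        return -1;
    return (long)(st.st_mode & 07777);
}

/* Create a private scratch directory, request mode 01777 (sticky bit plus
 * rwx for all, as on /tmp) through the given mask, remove the directory
 * again and return the mode that was stored. */
long sticky_result(mode_t mask)
{
    char dir[64];   /* constructed scratch path, unique per process */
    long mode;

    snprintf(dir, sizeof dir, "/tmp/sticky-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) == -1)     /* fails rather than reusing a path */
        return -1;
    mode = chmod_masked(dir, 01777, mask);
    rmdir(dir);
    return mode;
}

int main(void)
{
    /* 0777 is the mask from the quoted process_setstat() code;
     * 07777 is a comparison value that keeps the upper mode bits. */
    printf("requested 01777, mask 0777  -> %04lo\n",
           (unsigned long)sticky_result(0777));
    printf("requested 01777, mask 07777 -> %04lo\n",
           (unsigned long)sticky_result(07777));
    return 0;
}
```

With the 0777 mask the request succeeds without any error status, so the client is not told that the sticky bit was dropped.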



