Issue #16002 has been reported by SouravGoswami (Sourav Goswami).

----------------------------------------
Bug #16002: File.writable?('/tmp/file') returns true even if it's not writable on Linux 4.19+
https://bugs.ruby-lang.org/issues/16002

* Author: SouravGoswami (Sourav Goswami)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: 2.6.3
* Backport: 2.5: UNKNOWN, 2.6: UNKNOWN
----------------------------------------
Well, on Linux Kernel 4.19+ the fs.protected_regular and fs.protected_fifos sysctls were introduced in order to make some data spoofing attacks harder.

https://github.com/systemd/systemd/blob/03b6fa0c5b51b0d39334ff6ba183a3391443bcf6/NEWS#L53

If it's enabled (and it's true by default), then if you:

1. cd /tmp
2. touch file
3. chmod 666 file
# Switch to any user, but let's use root for example
4. su root
5. irb

In irb:
```
иг[root::archlinux][/tmp]
ижибиб irb
irb(main):001:0> File.writable?('ruby.rb')
=> true
irb(main):002:0> File.stat('ruby.rb')
=> #<File::Stat dev=0x2d, ino=819138, mode=0100644, nlink=1, uid=1000, gid=1000, rdev=0x0, size=0, blksize=4096, blocks=0, atime=2019-07-14 04:44:13 +0530, mtime=2019-07-14 04:44:13 +0530, ctime=2019-07-14 04:44:13 +0530>
irb(main):003:0> File.write('ruby.rb', '#!/usr/bin/ruby -w')
Traceback (most recent call last):
        3: from /root/.irb:351:in `<main>'
        2: from (irb):3
        1: from (irb):3:in `write'
Errno::EACCES (Permission denied @ rb_sysopen - ruby.rb)
irb(main):004:0> 
```

Screenshots:
https://imgur.com/tB4T5Jl
https://imgur.com/hzc5s27

Here's a stackoverflow post:
https://stackoverflow.com/a/57030460/11089758

And the same behaviour is seen in nano, vi, atom, geany, code, mousepad editors.
Now as Ruby's File.writable?(str) checks for the permission, it returns true.
The problem can be solved with `sysctl fs.protected_regular=0`.

But the issue is that File.writable?('/tmp/file') should return false if fs.protected_regular is 1 and the user is not the owner? of the file.



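The mismatch reported above can be checked for before writing. The following Ruby sketch is an added example, not part of the original report and not Ruby's own implementation. It combines `File.writable?` with the kernel's documented `fs.protected_regular` rule, which applies to `open()` calls that pass `O_CREAT` (as `File.write` does) on an existing regular file in a sticky directory. The method names are hypothetical, and `Process.euid` stands in for the filesystem UID.

```ruby
# Added illustration; these method names are hypothetical, not part of Ruby's File API.
STICKY = 0o1000

# Pure predicate mirroring the fs.protected_regular rule: an O_CREAT open of an
# existing regular file is refused when the directory is sticky and
# world-writable (level >= 1) or group-writable (level >= 2), unless the file
# belongs to the caller or to the directory owner.
def protected_regular_blocks?(level:, dir_mode:, dir_uid:, file_uid:, fsuid:)
  return false if level.zero?
  return false if (dir_mode & STICKY).zero?
  return false if file_uid == dir_uid || file_uid == fsuid
  return true unless (dir_mode & 0o002).zero?
  level >= 2 && !(dir_mode & 0o020).zero?
end

# Reads the live sysctl; treated as 0 when absent (older kernel or non-Linux).
def protected_regular_level
  Integer(File.read('/proc/sys/fs/protected_regular').strip)
rescue SystemCallError, ArgumentError
  0
end

# File.writable? plus the sysctl rule, for callers that will open with O_CREAT
# (File.write and File.open(path, 'w') both do).
def creat_writable?(path)
  return false unless File.writable?(path)
  real = File.realpath(path)            # resolve symlinks to find the real parent
  st = File.stat(real)
  return true unless st.file?           # the rule here covers regular files only
  dir = File.stat(File.dirname(real))
  !protected_regular_blocks?(level: protected_regular_level, dir_mode: dir.mode,
                             dir_uid: dir.uid, file_uid: st.uid,
                             fsuid: Process.euid) # assumption: fsuid == euid
end
```

The check is advisory: the file or the sysctl can change between the check and the write, so `Errno::EACCES` from the write itself still has to be handled.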