Skip to content

Fallback Permission Changes To openat + chmod To Support Older Kernels#326

Open
NotGeri wants to merge 1 commit into
pterodactyl:developfrom
NotGeri:hotfix/chmod-older-kernels
Open

Fallback Permission Changes To openat + chmod To Support Older Kernels#326
NotGeri wants to merge 1 commit into
pterodactyl:developfrom
NotGeri:hotfix/chmod-older-kernels

Conversation

@NotGeri

@NotGeri NotGeri commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

dba5831 introduced a fix for TOCTOU attacks with AT_SYMLINK_NOFOLLOW, which is only available in the fchmodat2 syscall, only supported on kernel 6.6+.

This causes legitimate non-symlink-related permission updates to fail with operation not supported when users attempt to use the 'Permissions' button in the 'File Manager' tab or just have their SFTP client send Setstat, which most modern desktop SFTP clients do by default

There are countless LTS server operating systems affected by this, including various LTS Debian, Ubuntu and especially RHEL versions, all supported by the daemon in theory: https://pterodactyl.io/wings/1.0/installing.html

This was briefly discussed here :


The simplest fix appeared to use the existing openedat infrastructure and unix#Fchmod the safe file descriptor directly, but I'm open to any other suggestions. The PR also resolves a minor FD leak from openat, but I'm happy to split that out if it's preferred

I have tested this on various supported Debian and Ubuntu versions, and everything appeared to work just fine. I have not tested RHEL-based distros

@robertdrakedennis

Copy link
Copy Markdown
Contributor

hey thanks for contributing! I'll review this at the end of my day

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants