Hello Aleksa, On 6/10/20 7:53 AM, Aleksa Sarai wrote: > Hi Michael, > > Sorry for the delay and here is the patch I promised in this thread. Thanks! Patch applied. Cheers, Michael > --8<---------------------------------------------------------------------8<-- > > Traditionally, magic-links have not been a well-understood topic in > Linux. This helps clarify some of the terminology used in openat2.2. > > Signed-off-by: Aleksa Sarai <cyphar@xxxxxxxxxx> > --- > man7/symlink.7 | 31 ++++++++++++++++++++++--------- > 1 file changed, 22 insertions(+), 9 deletions(-) > > diff --git a/man7/symlink.7 b/man7/symlink.7 > index 07b1db3a3764..ed99bc4236f1 100644 > --- a/man7/symlink.7 > +++ b/man7/symlink.7 > @@ -84,6 +84,21 @@ as they are implemented on Linux and other systems, > are outlined here. > It is important that site-local applications also conform to these rules, > so that the user interface can be as consistent as possible. > +.SS Magic-links > +There is a special class of symlink-like objects known as "magic-links" which > +can be found in certain pseudo-filesystems such as > +.BR proc (5) > +(examples include > +.IR /proc/[pid]/exe " and " /proc/[pid]/fd/* .) > +Unlike normal symlinks, magic-links are not resolved through > +pathname-expansion, but instead act as direct references to the kernel's own > +representation of a file handle. As such, these magic-links allow users to > +access files which cannot be referenced with normal paths (such as unlinked > +files still referenced by a running program.) > +.PP > +Because they can bypass ordinary > +.BR mount_namespaces (7)-based > +restrictions, magic-links have been used as attack vectors in various exploits. > .SS Symbolic link ownership, permissions, and timestamps > The owner and group of an existing symbolic link can be changed > using > @@ -99,16 +114,14 @@ of a symbolic link can be changed using > or > .BR lutimes (3). > .PP > -On Linux, the permissions of a symbolic link are not used > -in any operations; the permissions are always > -0777 (read, write, and execute for all user categories), > .\" Linux does not currently implement an lchmod(2). > -and can't be changed. > -(Note that there are some "magic" symbolic links in the > -.I /proc > -directory tree\(emfor example, the > -.IR /proc/[pid]/fd/* > -files\(emthat have different permissions.) > +On Linux, the permissions of an ordinary symbolic link are not used in any > +operations; the permissions are always 0777 (read, write, and execute for all > +user categories), and can't be changed. > +.PP > +However, magic-links do not follow this rule. They can have a non-0777 mode, > +though this mode is not currently used in any permission checks. > + > .\" > .\" The > .\" 4.4BSD > -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/