This is on by default in Debian, maybe the next reader won't spend an hour tracing the kernel. Closes: https://bugs.debian.org/1033477 Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx> --- man7/symlink.7 | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/man7/symlink.7 b/man7/symlink.7 index 77fefb743..550b60486 100644 --- a/man7/symlink.7 +++ b/man7/symlink.7 @@ -84,10 +84,23 @@ magic links have been used as attack vectors in various exploits. The owner and group of an existing symbolic link can be changed using .BR lchown (2). -The only time that the ownership of a symbolic link matters is -when the link is being removed or renamed in a directory that -has the sticky bit set (see -.BR stat (2)). +Only when a symbolic link is in a sticky directory (see +.BR stat (2)) +does its ownership matter\[em]deletions and renames are subject +to standard semantics. +.\" Documentation/admin-guide/sysctl/fs.rst: +.\" fs/namei.c#may_follow_link() +Additionally, if the +.I fs.protected_symlinks +sysctl is set, a symbolic link may only be followed if: +.br +\[bu] not in a sticky, world-writable +.RB ( o+wt ) +directory, +.br +\[bu] owned by the user which follows it, or +.br +\[bu] owned by the same user which owns the directory it resides in. .PP The last access and last modification timestamps of a symbolic link can be changed using -- 2.30.2
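Review bot: In the rewritten opening sentence of the hunk, "deletions and renames are subject to standard semantics" does not say which semantics are meant, while the removed text stated plainly that ownership matters when the link is removed or renamed in a sticky directory. Consider keeping that explicit wording, for example "when the link is being removed or renamed", or naming the sticky-directory rules described in stat(2). In the fs.protected_symlinks list, the three bullets are fragments hanging off "may only be followed if:" with no subject; "if it is:" followed by "not in a sticky, world-writable directory", "owned by the user who follows it", and so on would read more cleanly, with "who" rather than "which" for users. The added text also does not say what the caller sees when following is refused or where the sysctl is documented for readers. Since the commit message is about saving the next reader a trip through the kernel, a sentence naming the resulting error and a cross-reference for the sysctl would close that gap.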