This is on by default in Debian, maybe the next reader won't spend an
hour tracing the kernel
Fixes: e8ff4f53ab9a7cbd ("Remove information migrated to inode(7) page")
Closes: https://bugs.debian.org/1033477
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx>
---
This definitely needs to be referenced here, because "The only time that
the ownership of a symbolic link matters is when the link is being
removed or renamed in a directory that has the sticky bit set" is an
abject lie, especially since Debian ships with fs.protected_symlinks=1;
the minimum here is to cross-ref to an extended description.
I straight-up didn't know proc(5) listed sysctls, and I looked!
(Well, defined as "apropos sysctl" didn't list anything in particular,
and sysctl(2) has an unannotated proc(5) in SEE ALSO.)
It'd be nice if, idk, the proc.5 SH were extended with "process
information, system information, and sysctl pseudo-filesystem" or
whatever, or there were a sysctl.[47] alias for proc.5,
because as it stands, I would never have guesssed there's a listing of
sysctls in proc(5).
man7/symlink.7 | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/man7/symlink.7 b/man7/symlink.7
index 77fefb743..4403f6214 100644
--- a/man7/symlink.7
+++ b/man7/symlink.7
@@ -84,10 +84,14 @@ magic links have been used as attack vectors in various exploits.
The owner and group of an existing symbolic link can be changed
using
.BR lchown (2).
-The only time that the ownership of a symbolic link matters is
+The ownership of a symbolic link matters
when the link is being removed or renamed in a directory that
has the sticky bit set (see
-.BR stat (2)).
+.BR inode (7)),
+and when the
+.I fs.protected_symlinks
+sysctl is set (see
+.BR proc (5)).
.PP
The last access and last modification timestamps
of a symbolic link can be changed using
--
2.30.2
Attachment:
signature.asc
Description: PGP signature
