Re: [PATCH v2] symlink.7: cross-link to proc.5 for fs.protected_symlinks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi!

On 3/27/23 14:29, наб wrote:
> This is on by default in Debian, maybe the next reader won't spend an
> hour tracing the kernel
> 
> Fixes: e8ff4f53ab9a7cbd ("Remove information migrated to inode(7) page")
> Closes: https://bugs.debian.org/1033477
> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx>

Patch applied.

> ---
> This definitely needs to be referenced here, because "The only time that
> the ownership of a symbolic link matters is when the link is being
> removed or renamed in a directory that has the sticky bit set" is an
> abject lie, especially since Debian ships with fs.protected_symlinks=1;
> the minimum here is to cross-ref to an extended description.
> 
> I straight-up didn't know proc(5) listed sysctls, and I looked!
> (Well, defined as "apropos sysctl" didn't list anything in particular,
>  and sysctl(2) has an unannotated proc(5) in SEE ALSO.)
> 
> It'd be nice if, idk, the proc.5 SH were extended with "process
> information, system information, and sysctl pseudo-filesystem" or
> whatever, or there were a sysctl.[47] alias for proc.5,
> because as it stands, I would never have guesssed there's a listing of
> sysctls in proc(5).

Feel free to send a patch for it :)

Cheers,
Alex

> 
>  man7/symlink.7 | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/man7/symlink.7 b/man7/symlink.7
> index 77fefb743..4403f6214 100644
> --- a/man7/symlink.7
> +++ b/man7/symlink.7
> @@ -84,10 +84,14 @@ magic links have been used as attack vectors in various exploits.
>  The owner and group of an existing symbolic link can be changed
>  using
>  .BR lchown (2).
> -The only time that the ownership of a symbolic link matters is
> +The ownership of a symbolic link matters
>  when the link is being removed or renamed in a directory that
>  has the sticky bit set (see
> -.BR stat (2)).
> +.BR inode (7)),
> +and when the
> +.I fs.protected_symlinks
> +sysctl is set (see
> +.BR proc (5)).
>  .PP
>  The last access and last modification timestamps
>  of a symbolic link can be changed using

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux