| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <fe72a276-a977-2589-ee83-d6ac8a21fbfa@gmail.com>
Date: Fri, 19 Jun 2020 15:00:15 +0200
From: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
To: Aleksa Sarai <cyphar@...har.com>
Cc: mtk.manpages@...il.com, linux-man@...r.kernel.org,
linux-api@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk,
christian@...uner.io
Subject: Re: [PATCH] symlink.7: document magic-links more completely
Hello Aleksa,
On 6/10/20 7:53 AM, Aleksa Sarai wrote:
> Hi Michael,
>
> Sorry for the delay and here is the patch I promised in this thread.
Thanks!
Patch applied.
Cheers,
Michael
> --8<---------------------------------------------------------------------8<--
>
> Traditionally, magic-links have not been a well-understood topic in
> Linux. This helps clarify some of the terminology used in openat2.2.
>
> Signed-off-by: Aleksa Sarai <cyphar@...har.com>
> ---
> man7/symlink.7 | 31 ++++++++++++++++++++++---------
> 1 file changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/man7/symlink.7 b/man7/symlink.7
> index 07b1db3a3764..ed99bc4236f1 100644
> --- a/man7/symlink.7
> +++ b/man7/symlink.7
> @@ -84,6 +84,21 @@ as they are implemented on Linux and other systems,
> are outlined here.
> It is important that site-local applications also conform to these rules,
> so that the user interface can be as consistent as possible.
> +.SS Magic-links
> +There is a special class of symlink-like objects known as "magic-links" which
> +can be found in certain pseudo-filesystems such as
> +.BR proc (5)
> +(examples include
> +.IR /proc/[pid]/exe " and " /proc/[pid]/fd/* .)
> +Unlike normal symlinks, magic-links are not resolved through
> +pathname-expansion, but instead act as direct references to the kernel's own
> +representation of a file handle. As such, these magic-links allow users to
> +access files which cannot be referenced with normal paths (such as unlinked
> +files still referenced by a running program.)
> +.PP
> +Because they can bypass ordinary
> +.BR mount_namespaces (7)-based
> +restrictions, magic-links have been used as attack vectors in various exploits.
> .SS Symbolic link ownership, permissions, and timestamps
> The owner and group of an existing symbolic link can be changed
> using
> @@ -99,16 +114,14 @@ of a symbolic link can be changed using
> or
> .BR lutimes (3).
> .PP
> -On Linux, the permissions of a symbolic link are not used
> -in any operations; the permissions are always
> -0777 (read, write, and execute for all user categories),
> .\" Linux does not currently implement an lchmod(2).
> -and can't be changed.
> -(Note that there are some "magic" symbolic links in the
> -.I /proc
> -directory tree\(emfor example, the
> -.IR /proc/[pid]/fd/*
> -files\(emthat have different permissions.)
> +On Linux, the permissions of an ordinary symbolic link are not used in any
> +operations; the permissions are always 0777 (read, write, and execute for all
> +user categories), and can't be changed.
> +.PP
> +However, magic-links do not follow this rule. They can have a non-0777 mode,
> +though this mode is not currently used in any permission checks.
> +
> .\"
> .\" The
> .\" 4.4BSD
>
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
Powered by blists - more mailing lists