From owner-freebsd-security Tue Feb 27 07:03:28 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id HAA24116 for security-outgoing; Tue, 27 Feb 1996 07:03:28 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id HAA24100 for ; Tue, 27 Feb 1996 07:03:05 -0800 (PST)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.12/8.6.9) id BAA03316; Wed, 28 Feb 1996 01:57:55 +1100
Date: Wed, 28 Feb 1996 01:57:55 +1100
From: Bruce Evans
Message-Id: <199602271457.BAA03316@godzilla.zeta.org.au>
To: bmc@telebase.com, newton@communica.com.au
Subject: Re: Suspicious symlinks in /tmp
Cc: msmith@comtch.iea.com, nlawson@kdat.csc.calpoly.edu, security@freebsd.org
Sender: owner-security@freebsd.org
Precedence: bulk

>... also totally irrelevant: The permissions on the symlink don't
>arbitrate file access permissions -- The permissions on the file it's
>pointing to (ie: the destination) are used for that purpose.

>So: Not only does it not matter who owns the symlink, it also doesn't
>matter how it is chmod'ed. You can set its permissions to rwxrwxrwx
>without making a spot of difference to the accessibility of the file
>it's pointing at.

The uid matters for symlinks in sticky directories:

$ ln -s /etc/passwd /tmp/mysymlink
$ rm /tmp/mysymlink
rm: /tmp/mysymlink: Operation not permitted

Bruce
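
The ownership rule behind the "Operation not permitted" result above, as an added example that is not part of the original message. The function names are hypothetical, uid 0 stands in for the superuser, and the sample directory is constructed in a private temporary location rather than in /tmp itself.

```python
import os
import stat
import tempfile

def sticky_may_unlink(dir_mode, dir_uid, entry_uid, caller_uid):
    """Ownership part of the unlink check. Directory write/search
    permission is a separate test and is assumed to have passed.
    Assumption: uid 0 models the superuser."""
    if not dir_mode & stat.S_ISVTX:
        return True          # no sticky bit: entry ownership is not consulted
    # Sticky directory: only root, the entry's owner or the directory's owner.
    return caller_uid in (0, entry_uid, dir_uid)

def symlink_report(directory, caller_uid):
    """List symlinks in `directory` with the uid from lstat() (the link
    itself, not its target) and whether caller_uid could remove them."""
    d = os.stat(directory)
    rows = []
    for entry in os.scandir(directory):
        if not entry.is_symlink():
            continue
        link = os.lstat(entry.path)      # lstat: do not follow the link
        rows.append({
            "name": entry.name,
            "target": os.readlink(entry.path),
            "link_uid": link.st_uid,
            "removable": sticky_may_unlink(d.st_mode, d.st_uid,
                                           link.st_uid, caller_uid),
        })
    return sorted(rows, key=lambda r: r["name"])

def demo():
    """Constructed sample: a private directory given /tmp's mode 1777."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o1777)
        os.symlink("/etc/passwd", os.path.join(d, "mysymlink"))
        return symlink_report(d, os.geteuid())

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Running symlink_report("/tmp", uid) for an unprivileged uid shows which links in the real directory that user did not create and so cannot remove.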