Date: Mon, 26 Feb 1996 18:37:15 -0500
From: Brian Clapper <bmc@telebase.com>
To: Nathan Lawson <nlawson@kdat.csc.calpoly.edu>
Cc: msmith@comtch.iea.com (Mark Smith), security@FreeBSD.ORG
Subject: Re: Suspicious symlinks in /tmp
Message-ID: <199602262337.SAA00872@telebase.com.>
In-Reply-To: <60614237@toto.iv>

>>>>> "Nathan" == Nathan Lawson <nlawson@kdat.csc.calpoly.edu> writes:

Nathan> However, the bug that I have seen for quite a while and complained
Nathan> about is that a symlink is owned by the owner of the file it points
Nathan> to, not by the creator of the symlink. That is a bad idea and I
Nathan> really can't see the logic behind doing that.

Nathan> Could someone explain this behavior?

Hmmm. Doesn't work that way on my 2.1R system:

    % id
    uid=200(bmc) gid=200(bmc) groups=200(bmc), 1000(eng)
    % ln -s /etc/passwd .
    % ls -l /etc/passwd passwd
    -rw-r--r-- 1 root wheel 1176 Feb 16 09:59 /etc/passwd
    lrwxr-xr-x 1 bmc wheel 11 Feb 26 18:31 passwd -> /etc/passwd

As it turns out, the symlink ends up being owned by whoever owns its parent
directory--regardless of the UID of the process that created the symlink
and regardless of the UID that owns the file to which it points. Thus, if
I create the same symlink in /tmp (as `bmc'), the symlink is owned by `bin'
(the owner of /tmp). Likewise, if I login as `root' and create the same
symlink in my home directory, the symlink is owned by `bmc', not `root'.

Also highly counterintuitive behavior, at least to me.

----
Brian Clapper .............................................. bmc@telebase.com
http://www.netaxs.com/~bmc/ ............. PGP public key available on request
And now for something completely different.
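
Added example, not part of the original message: for each symlink in a directory it reports the owner of the link itself (from lstat) beside the owners of the parent directory and of the target, so the behaviour discussed above can be checked on any given system. The function names `symlink_owners` and `owner_matches` are hypothetical, and the command-line part assumes the links under test were created by the user running it.

```python
import os
import stat
import sys


def symlink_owners(directory):
    """Return one record per symlink directly inside `directory`."""
    dir_uid = os.stat(directory).st_uid
    records = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        try:
            link = os.lstat(path)          # lstat() describes the link itself
        except FileNotFoundError:          # entry removed since listdir()
            continue
        if not stat.S_ISLNK(link.st_mode):
            continue
        try:
            target_uid = os.stat(path).st_uid   # stat() follows the link
        except OSError:                    # dangling link or symlink loop
            target_uid = None
        records.append({
            "name": name,
            "points_to": os.readlink(path),
            "link_uid": link.st_uid,
            "dir_uid": dir_uid,
            "target_uid": target_uid,
        })
    return records


def owner_matches(record, creator_uid):
    """List which candidate UIDs equal the owner recorded on the link."""
    candidates = {
        "creator": creator_uid,
        "parent directory": record["dir_uid"],
        "target": record["target_uid"],
    }
    return [label for label, uid in candidates.items()
            if uid is not None and uid == record["link_uid"]]


if __name__ == "__main__":
    directory = sys.argv[1] if len(sys.argv) > 1 else "."
    me = os.geteuid()   # assumption: the links were created by this user
    for rec in symlink_owners(directory):
        print("{name} -> {points_to}: link={link_uid} dir={dir_uid} "
              "target={target_uid}".format(**rec),
              "| link owner matches:", ", ".join(owner_matches(rec, me)) or "none")
```

The result is only unambiguous when the three UIDs differ, for example a link created by an ordinary user in a directory owned by another account and pointing at a root-owned file.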