From: newton@communica.com.au (Mark Newton)
Message-Id: <9602270411.AA25647@communica.com.au>
Subject: Re: Suspicious symlinks in /tmp
To: bmc@telebase.com (Brian Clapper)
Date: Tue, 27 Feb 1996 14:41:27 +1030 (CST)
Cc: nlawson@kdat.csc.calpoly.edu, msmith@comtch.iea.com, security@FreeBSD.ORG
In-Reply-To: <199602262337.SAA00872@telebase.com.> from "Brian Clapper" at Feb 26, 96 06:37:15 pm

Brian Clapper wrote:

> -rw-r--r--  1 root  wheel  1176 Feb 16 09:59 /etc/passwd
> lrwxr-xr-x  1 bmc   wheel    11 Feb 26 18:31 passwd -> /etc/passwd
>
> As it turns out, the symlink ends up being owned by whoever owns its parent
> directory--regardless of the UID of the process that created the symlink
> and regardless of the UID that owns the file to which it points.

[ ... ]

> Also highly counterintuitive behavior, at least to me.

... also totally irrelevant: The permissions on the symlink don't
arbitrate file access permissions -- The permissions on the file it's
pointing to (ie: the destination) are used for that purpose.

So: Not only does it not matter who owns the symlink, it also doesn't
matter how it is chmod'ed. You can set its permissions to rwxrwxrwx
without making a spot of difference to the accessibility of the file
it's pointing at.

   - mark

---
Mark Newton                       Email: newton@communica.com.au
Systems Engineer                  Phone: +61-8-373-2523
Communica Systems                 WWW:   http://www.communica.com.au
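
The distinction discussed in this message, as an added example that is not part of the original post: a small audit of the symlinks in a directory that reports the link's own owner and mode (lstat) beside those of the file it resolves to (stat), which is the metadata that actually governs access. The names audit_symlinks and demo and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_symlinks(directory):
    """Report each symlink in `directory` with the link's own metadata
    (lstat) next to the metadata of the file it resolves to (stat)."""
    findings = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_symlink():
            continue
        link = os.lstat(entry.path)            # the symlink itself
        record = {
            "link": entry.name, "points_to": os.readlink(entry.path),
            "link_uid": link.st_uid, "link_mode": stat.S_IMODE(link.st_mode),
            "target_uid": None, "target_mode": None,
        }
        try:
            target = os.stat(entry.path)       # follows the link
            record["target_uid"] = target.st_uid
            record["target_mode"] = stat.S_IMODE(target.st_mode)
        except OSError:
            pass                               # dangling link or loop: stay None
        findings.append(record)
    return findings


def demo():
    """Constructed sample: a 0600 file, a symlink to it, and a dangling link."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        with open(secret, "w") as f:
            f.write("x")
        os.chmod(secret, 0o600)
        os.symlink(secret, os.path.join(d, "link"))
        os.symlink(os.path.join(d, "missing"), os.path.join(d, "dangling"))
        if hasattr(os, "lchmod"):              # BSD/macOS; usually absent on Linux
            try:
                os.lchmod(os.path.join(d, "link"), 0o777)
            except (OSError, NotImplementedError):
                pass
        return audit_symlinks(d)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Whatever mode the link itself carries, the row for "link" shows the target's 0600, and a link whose target cannot be resolved is reported with no target metadata.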