linux-man.vger.kernel.org archive mirror
From: наб <nabijaczleweli@nabijaczleweli.xyz>
To: Jakub Wilk <jwilk@jwilk.net>
Cc: "Alejandro Colomar (man-pages)" <alx.manpages@gmail.com>,
	linux-man@vger.kernel.org
Subject: [PATCH v2] symlink.7: cross-link to proc.5 for fs.protected_symlinks
Date: Mon, 27 Mar 2023 14:29:33 +0200
Message-ID: <fneuwvfzrpj22nk4u6pgjr4zd62z2mrjbvyuvgl5vkkiwtfnvr@ca4gsy5ktdld>
In-Reply-To: <20230327063142.pdeeemawtssywcqg@jwilk.net>

This is on by default in Debian, maybe the next reader won't spend an
hour tracing the kernel

Fixes: e8ff4f53ab9a7cbd ("Remove information migrated to inode(7) page")
Closes: https://bugs.debian.org/1033477
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
---
This definitely needs to be referenced here, because "The only time that
the ownership of a symbolic link matters is when the link is being
removed or renamed in a directory that has the sticky bit set" is an
abject lie, especially since Debian ships with fs.protected_symlinks=1;
the minimum here is to cross-ref to an extended description.

I straight-up didn't know proc(5) listed sysctls, and I looked!
(Well, defined as "apropos sysctl" didn't list anything in particular,
 and sysctl(2) has an unannotated proc(5) in SEE ALSO.)

It'd be nice if, idk, the proc.5 SH were extended with "process
information, system information, and sysctl pseudo-filesystem" or
whatever, or there were a sysctl.[47] alias for proc.5,
because as it stands, I would never have guessed there's a listing of
sysctls in proc(5).

 man7/symlink.7 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/man7/symlink.7 b/man7/symlink.7
index 77fefb743..4403f6214 100644
--- a/man7/symlink.7
+++ b/man7/symlink.7
@@ -84,10 +84,14 @@ magic links have been used as attack vectors in various exploits.
 The owner and group of an existing symbolic link can be changed
 using
 .BR lchown (2).
-The only time that the ownership of a symbolic link matters is
+The ownership of a symbolic link matters
 when the link is being removed or renamed in a directory that
 has the sticky bit set (see
-.BR stat (2)).
+.BR inode (7)),
+and when the
+.I fs.protected_symlinks
+sysctl is set (see
+.BR proc (5)).
 .PP
 The last access and last modification timestamps
 of a symbolic link can be changed using
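
Review bot: in the added clause "and when the fs.protected_symlinks sysctl is set (see proc(5))", "is set" is ambiguous, since a sysctl set to 0 is also "set", and the clause names a condition but not the operation it affects, unlike the first half of the sentence, which names removal and renaming. Suggest wording such as "and when following the link while the fs.protected_symlinks sysctl is enabled (see proc(5))", so the reader learns that link resolution is what depends on ownership before chasing the cross-reference. The switch from stat(2) to inode(7) for the sticky-bit reference is a separate fix and deserves a line in the commit message beyond the Fixes: tag.
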
-- 
2.30.2

Thread overview: 12+ messages
2023-03-25 21:00 [PATCH] symlink.7: expound upon fs.protected_symlinks наб
2023-03-27  6:31 ` Jakub Wilk
2023-03-27 12:29   ` наб [this message]
2023-03-31 21:44     ` [PATCH v2] symlink.7: cross-link to proc.5 for fs.protected_symlinks Alejandro Colomar
2023-03-31 22:04       ` [PATCH 1/2] proc.5: add "system information, and sysctl" to .SH наб
2023-03-31 22:11         ` Alejandro Colomar
2023-04-01 22:58         ` Alejandro Colomar
2023-03-31 22:04       ` [PATCH 2/2] sysctl.7: create as .so man5/proc.5 наб
2023-03-31 22:14         ` Alejandro Colomar
2023-04-01 23:04         ` Alejandro Colomar
2023-04-01 23:26           ` наб
2023-04-01 23:28             ` Alejandro Colomar
