All of lore.kernel.org
 help / color / mirror / Atom feed
From: Aleksa Sarai <cyphar@cyphar.com>
To: mtk.manpages@gmail.com
Cc: linux-man@vger.kernel.org, linux-api@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	viro@zeniv.linux.org.uk, christian@brauner.io,
	Aleksa Sarai <cyphar@cyphar.com>
Subject: [PATCH] symlink.7: document magic-links more completely
Date: Wed, 10 Jun 2020 15:53:19 +1000	[thread overview]
Message-ID: <20200610055319.26374-1-cyphar@cyphar.com> (raw)
In-Reply-To: <20200414103524.wjhyfobzpjk236o7@yavin.dot.cyphar.com>

Hi Michael,

Sorry for the delay and here is the patch I promised in this thread.

--8<---------------------------------------------------------------------8<--

Traditionally, magic-links have not been a well-understood topic in
Linux. This helps clarify some of the terminology used in openat2.2.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
---
 man7/symlink.7 | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/man7/symlink.7 b/man7/symlink.7
index 07b1db3a3764..ed99bc4236f1 100644
--- a/man7/symlink.7
+++ b/man7/symlink.7
@@ -84,6 +84,21 @@ as they are implemented on Linux and other systems,
 are outlined here.
 It is important that site-local applications also conform to these rules,
 so that the user interface can be as consistent as possible.
+.SS Magic-links
+There is a special class of symlink-like objects known as "magic-links" which
+can be found in certain pseudo-filesystems such as
+.BR proc (5)
+(examples include
+.IR /proc/[pid]/exe " and " /proc/[pid]/fd/* .)
+Unlike normal symlinks, magic-links are not resolved through
+pathname-expansion, but instead act as direct references to the kernel's own
+representation of a file handle. As such, these magic-links allow users to
+access files which cannot be referenced with normal paths (such as unlinked
+files still referenced by a running program.)
+.PP
+Because they can bypass ordinary
+.BR mount_namespaces (7)-based
+restrictions, magic-links have been used as attack vectors in various exploits.
 .SS Symbolic link ownership, permissions, and timestamps
 The owner and group of an existing symbolic link can be changed
 using
@@ -99,16 +114,14 @@ of a symbolic link can be changed using
 or
 .BR lutimes (3).
 .PP
-On Linux, the permissions of a symbolic link are not used
-in any operations; the permissions are always
-0777 (read, write, and execute for all user categories),
 .\" Linux does not currently implement an lchmod(2).
-and can't be changed.
-(Note that there are some "magic" symbolic links in the
-.I /proc
-directory tree\(emfor example, the
-.IR /proc/[pid]/fd/*
-files\(emthat have different permissions.)
+On Linux, the permissions of an ordinary symbolic link are not used in any
+operations; the permissions are always 0777 (read, write, and execute for all
+user categories), and can't be changed.
+.PP
+However, magic-links do not follow this rule. They can have a non-0777 mode,
+though this mode is not currently used in any permission checks.
+
 .\"
 .\" The
 .\" 4.4BSD
-- 
2.26.2


  parent reply	other threads:[~2020-06-10  5:54 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-02 15:19 [PATCH man-pages v2 0/2] document openat2(2) Aleksa Sarai
2020-02-02 15:19 ` Aleksa Sarai
2020-02-02 15:19 ` [PATCH man-pages v2 1/2] path_resolution.7: update to mention openat2(2) features Aleksa Sarai
2020-02-02 15:19   ` Aleksa Sarai
2020-03-30 20:38   ` Michael Kerrisk (man-pages)
2020-02-02 15:19 ` [PATCH man-pages v2 2/2] openat2.2: document new openat2(2) syscall Aleksa Sarai
2020-02-02 15:19   ` Aleksa Sarai
2020-03-30  9:08   ` Michael Kerrisk (man-pages)
2020-03-30  9:20     ` Aleksa Sarai
2020-03-30  9:36       ` Michael Kerrisk (man-pages)
2020-03-30  9:48         ` Aleksa Sarai
2020-03-30 20:43   ` Michael Kerrisk (man-pages)
2020-03-31 14:39     ` Aleksa Sarai
2020-04-01  6:38       ` Michael Kerrisk (man-pages)
2020-04-08 21:29         ` Michael Kerrisk (man-pages)
2020-04-12 16:49         ` Aleksa Sarai
2020-04-13  7:22           ` Michael Kerrisk (man-pages)
2020-04-14 10:35             ` Aleksa Sarai
2020-04-15 20:24               ` Michael Kerrisk (man-pages)
2020-05-04 10:17               ` Michael Kerrisk (man-pages)
2020-06-10  5:53               ` Aleksa Sarai [this message]
2020-06-19 13:00                 ` [PATCH] symlink.7: document magic-links more completely Michael Kerrisk (man-pages)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200610055319.26374-1-cyphar@cyphar.com \
    --to=cyphar@cyphar.com \
    --cc=christian@brauner.io \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-man@vger.kernel.org \
    --cc=mtk.manpages@gmail.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.