mirror of https://github.com/mkerrisk/man-pages
symlink.7: Minor fixes to Aleksa Sarai's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
41e240557f
commit
04ce17bdba
|
@ -84,21 +84,26 @@ as they are implemented on Linux and other systems,
|
|||
are outlined here.
|
||||
It is important that site-local applications also conform to these rules,
|
||||
so that the user interface can be as consistent as possible.
|
||||
.SS Magic-links
|
||||
There is a special class of symlink-like objects known as "magic-links" which
|
||||
can be found in certain pseudo-filesystems such as
|
||||
.\"
|
||||
.SS Magic links
|
||||
There is a special class of symbolic-link-like objects
|
||||
known as "magic links", which
|
||||
can be found in certain pseudofilesystems such as
|
||||
.BR proc (5)
|
||||
(examples include
|
||||
.IR /proc/[pid]/exe " and " /proc/[pid]/fd/* .)
|
||||
Unlike normal symlinks, magic-links are not resolved through
|
||||
.IR /proc/[pid]/exe " and " /proc/[pid]/fd/* ).
|
||||
Unlike normal symbolic links, magic links are not resolved through
|
||||
pathname-expansion, but instead act as direct references to the kernel's own
|
||||
representation of a file handle. As such, these magic-links allow users to
|
||||
representation of a file handle.
|
||||
As such, these magic links allow users to
|
||||
access files which cannot be referenced with normal paths (such as unlinked
|
||||
files still referenced by a running program.)
|
||||
files still referenced by a running program ).
|
||||
.PP
|
||||
Because they can bypass ordinary
|
||||
.BR mount_namespaces (7)-based
|
||||
restrictions, magic-links have been used as attack vectors in various exploits.
|
||||
restrictions,
|
||||
magic links have been used as attack vectors in various exploits.
|
||||
.\"
|
||||
.SS Symbolic link ownership, permissions, and timestamps
|
||||
The owner and group of an existing symbolic link can be changed
|
||||
using
|
||||
|
@ -119,7 +124,8 @@ On Linux, the permissions of an ordinary symbolic link are not used in any
|
|||
operations; the permissions are always 0777 (read, write, and execute for all
|
||||
user categories), and can't be changed.
|
||||
.PP
|
||||
However, magic-links do not follow this rule. They can have a non-0777 mode,
|
||||
However, magic links do not follow this rule.
|
||||
They can have a non-0777 mode,
|
||||
though this mode is not currently used in any permission checks.
|
||||
|
||||
.\"
|
||||
|
|
Loading…
Reference in New Issue