diff --git a/man7/symlink.7 b/man7/symlink.7 index ed99bc423..55ee2d9a3 100644 --- a/man7/symlink.7 +++ b/man7/symlink.7 @@ -84,21 +84,26 @@ as they are implemented on Linux and other systems, are outlined here. It is important that site-local applications also conform to these rules, so that the user interface can be as consistent as possible. -.SS Magic-links -There is a special class of symlink-like objects known as "magic-links" which -can be found in certain pseudo-filesystems such as +.\" +.SS Magic links +There is a special class of symbolic-link-like objects +known as "magic links", which +can be found in certain pseudofilesystems such as .BR proc (5) (examples include -.IR /proc/[pid]/exe " and " /proc/[pid]/fd/* .) -Unlike normal symlinks, magic-links are not resolved through +.IR /proc/[pid]/exe " and " /proc/[pid]/fd/* ). +Unlike normal symbolic links, magic links are not resolved through pathname-expansion, but instead act as direct references to the kernel's own -representation of a file handle. As such, these magic-links allow users to +representation of a file handle. +As such, these magic links allow users to access files which cannot be referenced with normal paths (such as unlinked -files still referenced by a running program.) +files still referenced by a running program ). .PP Because they can bypass ordinary .BR mount_namespaces (7)-based -restrictions, magic-links have been used as attack vectors in various exploits. +restrictions, +magic links have been used as attack vectors in various exploits. +.\" .SS Symbolic link ownership, permissions, and timestamps The owner and group of an existing symbolic link can be changed using @@ -119,7 +124,8 @@ On Linux, the permissions of an ordinary symbolic link are not used in any operations; the permissions are always 0777 (read, write, and execute for all user categories), and can't be changed. .PP -However, magic-links do not follow this rule. They can have a non-0777 mode, +However, magic links do not follow this rule. +They can have a non-0777 mode, though this mode is not currently used in any permission checks. .\"