[arch-general] Why are CA certificates writable for every user?

Tomasz Kramkowski tk at the-tk.com
Fri Feb 6 00:27:20 UTC 2015


On 05/02/15 19:20, Patrick Burroughs (Celti) wrote:
> their actual permissions are those of the target.

From what I understand (and tests I've done, and discussions on arch
channels on IRC) their actual permissions are inherited from the
directory they are in AND from the permissions of a target.

Actions that act on the target always inherit target permissions (read,
write and execute). Actions that act on the link, however, always
inherit the directory permissions (delete and move).

This can be tested by symlinking a file from another user's home
directory (which will obviously have to be done as root. The file should
by default have 600 permissions and should be owned by that user and his
group).

Renaming and deletion of the symlink will be allowed, but attempting to
read, write or execute the file will depend on the group/others
permissions of the file.

The Wikipedia article [1] on symbolic links basically seems to say
something along these lines, but not entirely correctly. However, that
entire section lacks a lot of citations and should really have a few
more than one [citation needed] tag.


[1] https://en.wikipedia.org/wiki/Symbolic_link#Storage_of_symbolic_links

-- 
Tomasz Kramkowski
E-Mail:  tk at the-tk.com
PGP:     6FCE87503AAF42AB3BF4 94FE40B037BA0A5B8680
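
Added example, not part of the original message: a Python sketch of the test described above that needs no second user, assuming Linux semantics (a symlink's own mode always reads 0777). The file names (`secret`, `links/ca.crt`) and the helper functions are constructed for illustration.

```python
import os
import stat
import tempfile

def mode(path, follow):
    """Permission bits of path; follow=False inspects the link itself."""
    st = os.stat(path) if follow else os.lstat(path)
    return stat.S_IMODE(st.st_mode)

def attempt(func, *args):
    """Run a filesystem call and report whether the kernel permitted it."""
    try:
        func(*args)
        return True
    except PermissionError:
        return False

def read_first_byte(path):
    with open(path, "rb") as fh:
        fh.read(1)

def symlink_permission_demo():
    obs = {}
    with tempfile.TemporaryDirectory() as base:
        target = os.path.join(base, "secret")      # constructed sample file
        link_dir = os.path.join(base, "links")     # directory holding the link
        link = os.path.join(link_dir, "ca.crt")
        os.mkdir(link_dir)
        with open(target, "w") as fh:
            fh.write("sample\n")
        os.chmod(target, 0o600)
        os.symlink(target, link)

        obs["link_mode"] = mode(link, follow=False)       # lrwxrwxrwx
        obs["followed_mode"] = mode(link, follow=True)    # the target's 0600
        os.chmod(link, 0o640)                      # chmod follows the link
        obs["target_after_chmod"] = mode(target, follow=True)
        obs["link_after_chmod"] = mode(link, follow=False)

        os.chmod(target, 0o000)                    # no access to the target
        obs["read_via_link"] = attempt(read_first_byte, link)
        renamed = os.path.join(link_dir, "renamed")
        obs["rename_link"] = attempt(os.rename, link, renamed)

        os.chmod(link_dir, 0o555)                  # directory not writable
        obs["unlink_in_readonly_dir"] = attempt(os.unlink, renamed)
        os.chmod(link_dir, 0o755)                  # restore so cleanup works
        obs["target_survives"] = os.path.exists(target)
    return obs
```

Run as an unprivileged user: root bypasses the permission checks, so the read and the unlink in the read-only directory would both succeed.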
