[arch-general] Why are CA certifcates writable for every user?

"Jérôme M. Berger" jeberger at free.fr
Fri Feb 6 18:50:45 UTC 2015


On 02/06/2015 01:27 AM, Tomasz Kramkowski wrote:
> On 05/02/15 19:20, Patrick Burroughs (Celti) wrote:
>> their actual permissions are those of the target.
> 
> From what I understand (and tests I've done, and discussions on arch
> channels on IRC) their actual permissions are inherited from the
> directory they are in AND from the permissions of a target.
> 
> Actions that act on the target always inherit target permissions (read,
> write and execute). Actions that act on the link, however, always
> inherit the directory permissions (delete and move).
> 
	Delete and move always depend on the (parent) directory permission,
whether you operate on a symlink, a file or a subdirectory.

> This can be tested by symlinking a file from another user's home
> directory (which will obviously have to be done as root.

	Actually, this does not need root. You can even create a symlink to a
non-existing file if you want. Actually *accessing* the symlink is
another matter of course.

		Jerome
-- 
mailto:jeberger at free.fr
http://jeberger.free.fr
Jabber: jeberger at jabber.fr

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20150206/2b889fa6/attachment.asc>


More information about the arch-general mailing list