LinuxQuestions.org
10-20-2007, 11:22 AM   #1
x_terminat_or_3

Make symlinks readonly

Hi

Is there any way that I can make a symlink readonly, as in non-deletable?

At the moment, even symlinks created as root are deletable by mortal users.

Consider this:

Code:
[root@earth andy]# ln -s blabla-1.0.1 testlink
[root@earth andy]# ls -alh testlink
lrwxrwxrwx 1 root root 12 2007-10-20 17:15 testlink -> blabla-1.0.1
[root@earth andy]# exit
exit
[andy@earth ~]$ unlink testlink
[andy@earth ~]$ ls -alh testlink
ls: cannot access testlink: No such file or directory

Changing the attributes on the link by using chmod only results in the attributes of the destination being changed, not of the actual link.

Since many things in Linux are dependent on symlinks, this looks to be an easy exploit to break a system, just log on as user, and start deleting all the symlinks that
Code:
find -type l
throws at you, including, especially, those found in /dev.

Does any one of you know how to make the actual symlink readonly?
 
10-20-2007, 12:21 PM   #2
GrapefruiTgirl

Oddly enough, when I look at the properties of a symlink from my desktop, I am shown the permissions of the destination file.
When I do an ls -al, it shows the properties of the symlink itself, which is like you noted: lrwxrwxrwx.

Best as I can tell, the symlinks created anywhere take on the properties of the actual linked file. Therefore, regardless of WHO creates a symlink, the symlink itself can be deleted by anyone who has WRITE PERMISSIONS to the location of the symlink, but the actual file itself can't be deleted so easily.
Since most or all of the symlinks lying about a system which the system depends on are in ROOT-WRITEABLE locations, it would seem difficult for a malicious user to do any significant damage to a system by deleting symlinks. Particularly, as an example, symlinks in /dev are subject to the read/write permissions of the /dev folder, and therefore not deletable by regular users.
FWIW I tried to CHMOD and CHOWN a symlink, and the effects of each attempt were transferred to the actual linked file, while the symlink itself remained as it had been.

Last edited by GrapefruiTgirl; 10-20-2007 at 12:22 PM.
 
10-20-2007, 12:26 PM   #3
x_terminat_or_3

Quote:
symlinks in /dev are subject to the read/write permissions of the /dev folder, and therefore not deletable by regular users.
Exactly. Thank you for reminding me about that.
 
10-20-2007, 03:49 PM   #4
matthewg42

To delete a file, the permissions on the file are not actually crucial - instead the permissions of the directory in which the file resides are the important ones. If a user has write permission to a directory, she can move and erase files in that directory, even if they are owned by another user and have file-permissions which prohibit writing by other users (although mv and rm will issue a warning about this if the -f option is not used).

The exception is if the so-called "sticky bit" is set for the directory. In this case, users can only rename and remove files they own. An example of a common place where the sticky bit is set is the /tmp directory.
Code:
% ls -ld .
drwxr-xr-x 15 matthew matthew 4096 2007-10-20 21:41 ./
% id
uid=1000(matthew) gid=1000(matthew) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),104(scanner),108(lpadmin),110(admin),115(netdev),117(powerdev),1000(matthew)
% sudo touch testfile
% ls -l testfile
-rw-r--r-- 1 root root 0 2007-10-20 21:42 testfile
% rm -f testfile
% ls -l testfile
ls: testfile: No such file or directory

Symlinks do not have their own permissions values; instead they inherit the permissions of the file which they link to. In ls listings symlink permissions are shown as "lrwxrwxrwx". Using the -H option you can ask to see the permissions of the target file.
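
The rule described in post #4 (the parent directory's write permission and sticky bit decide who can remove a symlink), as an added audit example that is not part of the original thread. The function names, verdict labels and the temporary demo tree are hypothetical; only mode bits are examined, not ACLs.

```python
import os
import stat
import tempfile


def symlink_delete_exposure(root):
    """Map each symlink under root to who may unlink it (mode bits only, no ACLs).

    unlink() is authorised by the parent directory, so the link's own
    lrwxrwxrwx mode is never consulted.
    """
    verdicts = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dmode = os.lstat(dirpath).st_mode
        shared = bool(dmode & (stat.S_IWGRP | stat.S_IWOTH))
        sticky = bool(dmode & stat.S_ISVTX)
        # Links to directories are listed in dirnames, all others in filenames.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not stat.S_ISLNK(os.lstat(path).st_mode):
                continue
            if not shared:
                verdicts[path] = "owner-only"  # directory owner (and root) only
            elif sticky:
                verdicts[path] = "sticky"      # link owner or directory owner only
            else:
                verdicts[path] = "exposed"     # anyone with write access to the dir
    return verdicts


def build_demo_tree():
    """Constructed sample: one dangling symlink in each kind of directory."""
    root = tempfile.mkdtemp(prefix="symlink-demo-")
    for name, mode in (("private", 0o755), ("shared", 0o777), ("tmp_like", 0o1777)):
        directory = os.path.join(root, name)
        os.mkdir(directory)
        os.symlink("blabla-1.0.1", os.path.join(directory, "testlink"))
        os.chmod(directory, mode)  # set explicitly so the umask does not interfere
    return root


if __name__ == "__main__":
    demo = symlink_delete_exposure(build_demo_tree())
    for link, verdict in sorted(demo.items()):
        print(f"{verdict:12} {link}")
```

Pointing `symlink_delete_exposure` at a real directory tree lists the links that sit in group- or world-writable directories without the sticky bit, which are the ones other users can remove.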
 
  

