0

Do world-writable systemd .service files created as symbolic links in /etc/systemd/system impose a security threat?

Would it be possible to somehow modify the links to target arbitrary .service files on the system, and make systemd execute those files as root?

The permissions for the /etc/systemd/system directory are as follows:

drwxr-xr-x. 11 root root 4096 Aug 30 12:57 /etc/systemd/system/

and the world-writable links in this directory are:

1050594    0 lrwxrwxrwx   1 root     root            9 Apr  9 11:53 /etc/systemd/system/ctrl-alt-del.target -> /dev/null
1050595    0 lrwxrwxrwx   1 root     root            9 Apr  9 11:54 /etc/systemd/system/sensu-server.service -> /dev/null
1052003    0 lrwxrwxrwx   1 root     root            9 Apr  9 11:54 /etc/systemd/system/sensu-api.service -> /dev/null
1052037    0 lrwxrwxrwx   1 root     root            9 Apr  9 11:55 /etc/systemd/system/dataeng.service -> /dev/null
Bart
Shuzheng
  • No. The perms on a symlink don't matter, they'll always be 777. The perms on the file they link to do. – cas Aug 30 '19 at 11:43

1 Answer

1

Under Linux, symlinks don’t really have separate permissions; the permissions taken into account are those of the target file, and of the containing directory. Since the containing directory is only writable by root, only root can create or delete symlinks there. The target files are presumably only writable by root too, which protects their contents.

Stephen Kitt
  • So, the "symbolic" contents of a symbolic link can never be modified in-place? Will symbolic links always have permission lrwxrwxrwx, no matter what they point to? Can these permissions be modified using chmod, and would that make sense? – Shuzheng Aug 30 '19 at 12:00
  • No, you can’t edit a symlink (at least, not without editing the underlying file system directly). Under Linux, symbolic links always show as lrwxrwxrwx (link type, with 777 permissions). Under Linux, symlink permissions can’t be changed. Under macOS and the BSDs, symlinks do have separate permissions, and they can be modified using chmod -h; see Change permissions for a symbolic link. – Stephen Kitt Aug 30 '19 at 12:07
  • Under BSD would it also be possible to edit a symlink? :) – Shuzheng Aug 30 '19 at 12:27
  • No. In my previous comment, I qualified Linux-specific behaviour; unqualified statements apply to all systems which are on-topic here. – Stephen Kitt Aug 30 '19 at 12:47
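
The check described in the answer above, as an added example that is not part of the original question, answer or comments: for each symlink in a unit directory it ignores the link's own mode and inspects the containing directory and the resolved target instead. The function names, the `expected_uid` parameter and the special-casing of character-device targets such as /dev/null (all four links in the question point there) are assumptions of this example.

```python
import os
import stat
import sys

GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH

def check_owner_mode(st, what, expected_uid):
    """Issues for one stat result: wrong owner, or writable by group/other."""
    issues = []
    if st.st_uid != expected_uid:
        issues.append(f"{what} not owned by uid {expected_uid}")
    if st.st_mode & GROUP_OTHER_WRITE:
        issues.append(f"{what} writable by group/other")
    return issues

def audit_unit_links(directory, expected_uid=0):
    """Map each symlink in `directory` to a list of issues (empty = fine)."""
    # Who may create, delete or replace links is decided by the directory.
    dir_issues = check_owner_mode(os.stat(directory), "directory", expected_uid)
    findings = {}
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_symlink():
            continue
        # The link's own lrwxrwxrwx mode is deliberately never inspected.
        issues = list(dir_issues)
        try:
            target = os.stat(entry.path)  # os.stat follows the link
        except OSError:
            issues.append("target cannot be resolved")
        else:
            # A masked unit points at /dev/null, a character device that is
            # world-writable by design; writes to it cannot alter a unit.
            if not stat.S_ISCHR(target.st_mode):
                issues += check_owner_mode(target, "target", expected_uid)
        findings[entry.name] = issues
    return findings

if __name__ == "__main__":
    unit_dir = sys.argv[1] if len(sys.argv) > 1 else "/etc/systemd/system"
    for name, issues in audit_unit_links(unit_dir).items():
        print(name, "OK" if not issues else "; ".join(issues))
```

It checks only the two things the answer names, the containing directory and the target file; the parent directories along the target's path are not examined.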