symlink (symbolic link)

On UNIX, a symbolic link is a file in one directory that acts as a pointer to a file in another directory. For example, you could create a link so that all accesses to the file /tmp/foo really act upon the file /etc/passwd.

How Symbolic Links Can be Exploited

This feature can often be exploited. While a non-root user does not have permission to write to administrative files like /etc/passwd, they can certainly create links to them in the /tmp directory or their local directory. SUID programs can then be exploited: they believe they are acting upon a user file, but are instead acting upon the original administrative file. This is the leading way that local users can escalate their privileges on a system.

Example: finger

A user could link their .plan file to any other file on the system. A finger daemon running with root privileges would then follow the link to that file and read it upon execution of a finger lookup.
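How a privileged reader such as the finger daemon above can refuse to follow a user-planted link, shown as an added example that is not code from any finger implementation. The names open_user_file and demo_open and the scratch paths under /tmp are hypothetical; the ELOOP result assumes Linux.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a user-controlled file (e.g. a .plan) without following a symlink in
 * the final path component. Returns an fd, or -1 with errno set. */
int open_user_file(const char *path, uid_t expected_owner)
{
    /* O_NOFOLLOW: fail (ELOOP on Linux) if path itself is a symlink.
     * O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    /* fstat() the descriptor, not the path, so the check and the later
     * read refer to the same object (no check-then-use race). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != expected_owner) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed demo: a scratch directory holding a real file "plan" and a
 * symlink ".plan" pointing at it. Returns 0 if the open succeeded, the
 * errno value if it was refused, or -2 if the setup failed. */
int demo_open(int via_symlink)
{
    char dir[] = "/tmp/symdemoXXXXXX", target[64], lnk[64];
    if (!mkdtemp(dir)) return -2;
    snprintf(target, sizeof target, "%s/plan", dir);
    snprintf(lnk, sizeof lnk, "%s/.plan", dir);
    int wfd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (wfd < 0) return -2;
    close(wfd);
    if (symlink(target, lnk) != 0) return -2;
    int fd = open_user_file(via_symlink ? lnk : target, geteuid());
    int result = fd >= 0 ? 0 : errno;
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}

int main(void) { printf("%d %d\n", demo_open(0), demo_open(1)); return 0; }
```

O_NOFOLLOW only covers the last path component; a symlinked parent directory is still followed, so the directory being read from must itself be trusted or opened the same way.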