0

If symlink is executable (ln), will the file it is pointing to that is not executable, be exposed? Quick googling does give all kinds of answers around the topic but not a direct answer.

Being exposed here means, if i use a single file php tool on a webserver that i create a symlink into that again is accessed from index file, will the php be accessible outside?

index.php -> symlink -> tool.php(am i exposed to the internet?)

Magezilla
  • 25
  • 5
  • 1
    What do you mean with "exposed"? Executable? – knittl Feb 27 '21 at 12:52
  • Does this answer your question? [Why do the permissions of a symbolic link default to all-permissive?](https://stackoverflow.com/questions/22975261/why-do-the-permissions-of-a-symbolic-link-default-to-all-permissive) – knittl Feb 27 '21 at 12:55
  • What does "exposed" mean in this context? – ilkkachu Feb 27 '21 at 12:57
  • No idea what you are asking. But I know that it is not related to programming and SO is not the site you should ask such questions. – Klaus Feb 27 '21 at 13:18
  • Just to get this right, index.php is a symlink which points to tools.php? i.e. `ln -s tools.php index.php`? Then (of course?) `tools.php` will be exposed. Users visiting yoursite.com/index.php will instead run tools.php and display its output. (Given that the file is readable and executable by your web server) – knittl Feb 27 '21 at 19:12
  • index.php has an inclusion of a file that is a symlink and that symlink points to tool.php – Magezilla Feb 28 '21 at 15:44

1 Answers1

1

If you mean "because the link itself has the x bits set, will the file become executable via the link?", then the answer is "no":

$ echo 'echo busted!' > original
$ ln -s origin link
$ ./link
sh: ./link: Permission denied
$ chmod +x original
$ ./link
busted!

From a similar question and its answer:

Which platform are you working on? If you are on linux, then symlink permissions are not used at all, so whatever their value nobody cares. That could be different on BSD, OSX, or other flavors.

knittl
  • 246,190
  • 53
  • 318
  • 364
  • Im on linux yes. I guess this will be sufficient if the same applies to stuff behind a webserver, nginx, it should shouldnt it? Would of gotten the answer faster by just trying out, but the guestion seemed simple enough at first. – Magezilla Feb 27 '21 at 13:55