You have made /dev/ writable by non-privileged users
Your non-privileged user already owns the symlink /dev/nul. Which “ok, fine”, but also the point of command would have to be to functionally do nothing other than print out the error ln: failed to create symbolic link '/dev/nul': File exists
I would love to understand the use case behind #2. I am also curious to see even 7 more cases, let alone your figurative million.
In regards to #3 even if the behaviour of ln was to replace a symlink if it already existed, it’ll probably have to unlink() the existing symlink, which I’m pretty sure is gonna get you a permission denied error on any /dev filesystem with sane permissions.
My dumbass can only come up with three:
/dev/nul. Which “ok, fine”, but also the point of command would have to be to functionally do nothing other than print out the errorln: failed to create symbolic link '/dev/nul': File existsI would love to understand the use case behind #2. I am also curious to see even 7 more cases, let alone your figurative million.
In regards to #3 even if the behaviour of
lnwas to replace a symlink if it already existed, it’ll probably have tounlink()the existing symlink, which I’m pretty sure is gonna get you a permission denied error on any /dev filesystem with sane permissions.Follow up, tested and confirmed #3:
ln could be +s
the kernel could have been modified
I’m sure there is some way if using capabilities
you don’t need to be ‘root’, uid 0 is enough :)