> On Thu, Oct 24, 2024 at 11:36:17AM +0200, Janne Johansson wrote:
> > > >Description:
> > > On a same filesystem, /tmp or /var in www pages perhaps or perhaps
> > > even / if they get that deep,
> > > the risk exists that a user can archive a file away even though
> > > they don't have permissions
> > > to that file. It allows at least a "backup" of non-user owned
> > > files, to be put away for
> > > later examination. Whether this is intended or not to be this
> > > way I don't know. It's all
> > > ghoti to me.
> >
> > Yes, this is intended. A directory entry points to an inode, and the
> > inode points to the file contents, which will only be shown to you if
> > you pass the validation (ie, ownership checks) of the inode. The fact
> > that you can write an extra dir-entry in a writable directory is not a
> > huge security risk, since you are not able to change ownership of
> > "your" hard link, so if you could not read it before, then you can't
> > read it after the "original" is removed either, or just "later".
>
> Thanks for the lengthy explanation. My query then is, why can someone
> archive away files anyhow. The original user may not even know that
> his/her files are saved by someone else.
>
> Just because they aren't able to be read by the *linker* doesn't mean
> he/she will never have permissions to read them. Right?

I can't tell, whatever method you use to gain access to your newly
hardlinked content could well be used to change the permissions on the
original unlinked file also, "at some later point", so we are still at
the same place as before. If you can subvert permissions, or get into
a group with rights to this file, you win either way.

> > That said, some other unices set this as an optional with sysctls to
> > prevent anyone from hardlinking to a file which you lack permissions
> > to read/write anyhow. OpenBSD does not have this as of now. I think it
> > defaults to off on Linux since it broke stuff, so it's not generally
> > considered "unintended" there either.
>
> Is Linux still open source? Not a good comparison.

Please don't derail this into some debate about the licenses, this is
not a discussion about who has the most open OS, just mentioned one of
a few unices out there where this behaviour can optionally be changed.

--
May the most significant bit of your life be positive.
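
The behaviour discussed in this thread, shown as an added example that is not part of the original messages: a hard link is a second directory entry for the same inode, owner and mode stay with the inode after the first name is removed, and a link count above 1 is how a file's owner can notice an extra name. The function names and file names are constructed for illustration.

```python
import os
import stat
import tempfile


def link_demo(workdir):
    """Create a 0600 file, hard-link it, unlink the original; return what stat shows."""
    original = os.path.join(workdir, "owner-private.txt")  # constructed sample file
    extra = os.path.join(workdir, "second-name")           # constructed extra dir entry
    with open(original, "w") as fh:
        fh.write("constructed sample content\n")
    os.chmod(original, 0o600)
    os.link(original, extra)   # adds a directory entry only, no new inode
    before = os.stat(original)
    linked = os.stat(extra)
    os.unlink(original)        # the "original" name goes away
    after = os.stat(extra)     # the inode lives on under the second name
    return {
        "same_inode": (before.st_dev, before.st_ino) == (linked.st_dev, linked.st_ino),
        "nlink_while_linked": before.st_nlink,
        "nlink_after_unlink": after.st_nlink,
        "owner_unchanged": after.st_uid == before.st_uid,
        "mode_after": stat.S_IMODE(after.st_mode),
    }


def multiply_linked(root):
    """Return {(dev, ino): (st_nlink, [names under root])} for regular files with nlink > 1."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                found.setdefault((st.st_dev, st.st_ino), (st.st_nlink, []))[1].append(path)
    return found


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(link_demo(tmp))
```

When `multiply_linked` reports fewer names than the link count for an inode, the remaining names sit outside the scanned tree, somewhere else on the same filesystem.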