tech-security archive


Re: Hard link creation without write access



On 2023-09-07 13:25, Taylor R Campbell wrote:
> Today I learned that you can create hard links to a file you don't own
> and can't write to or even read from:
>
> $ su -l root -c 'touch /tmp/foo && chmod 600 /tmp/foo'
> $ ln /tmp/foo /tmp/bar
>
> This strikes me as bonkers and a likely source of security issues.

The possibly worst outcome of this is that someone removes /tmp/foo, and expects the file to be deleted, but it still stays around.

Other than that, this seems like a very expected behavior. It's just a second reference to a file. All the access control to the file is in the file. A reference to it is nothing that in itself carries much of anything else.

I mean, if you can see /tmp/foo, then I fail to see that having a /tmp/bar pointing to the same file is going to cause any issues.

Or what am I missing?

  Johnny

--
Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt%softjar.se@localhost             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol
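
The following is an added example, not part of the original message or the thread. It shows the outcome described above (removing one name leaves the data reachable through the other) and a check an owner can run before deleting a file. All paths are constructed in a scratch directory, the function names are hypothetical, and it runs as a single user, so it shows the link semantics only, not the cross-owner case.

```shell
#!/bin/sh
# Added example: every path below is constructed in a scratch directory.

# link_count FILE: number of directory entries that name FILE's inode
# (the second field of POSIX `ls -ld`).
link_count() {
    ls -ld -- "$1" | awk '{print $2}'
}

# other_links FILE DIR: names under DIR, on the same filesystem, that
# refer to the same inode as FILE (FILE itself excluded).
other_links() {
    inode=$(ls -di -- "$1" | awk '{print $1}')
    find "$2" -xdev -inum "$inode" ! -path "$1" -print
}

# remove_for_real FILE: if other names still reference the inode, empty
# it first (needs write access), so surviving links hold no data.
remove_for_real() {
    if [ "$(link_count "$1")" -gt 1 ]; then
        : > "$1"
    fi
    rm -f -- "$1"
}

# demo: prints "<links>:<other name>:<bytes after rm>:<bytes after remove_for_real>"
demo() {
    d=$(mktemp -d) || return 1
    printf 'secret\n' > "$d/foo"; chmod 600 "$d/foo"
    ln "$d/foo" "$d/bar"
    links=$(link_count "$d/foo")
    other=$(other_links "$d/foo" "$d")
    rm -f -- "$d/foo"                      # plain unlink: data survives
    kept=$(wc -c < "$d/bar" | tr -d ' ')
    printf 'secret\n' > "$d/foo2"; chmod 600 "$d/foo2"
    ln "$d/foo2" "$d/bar2"
    remove_for_real "$d/foo2"              # truncate, then unlink
    left=$(wc -c < "$d/bar2" | tr -d ' ')
    rm -rf -- "$d"
    echo "$links:${other##*/}:$kept:$left"
}

demo
```

A link count above 1 on a file you are about to delete means the inode will outlive the `rm`; `other_links` only finds the extra names inside the directory tree it is given.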

