tech-security archive


Re: Hard link creation without write access



> Date: Thu, 7 Sep 2023 07:46:48 -0400 (EDT)
> From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
> 
> > Today I learned that you can create hard links to a file you don't
> > own and can't write to or even read from:
> 
> > $ su -l root -c 'touch /tmp/foo && chmod 600 /tmp/foo'
> > $ ln /tmp/foo /tmp/bar
> 
> > This strikes me as bonkers and a likely source of security issues.
> 
> What issues?  The only one I can see is that it allows anyone who can
> write to any directory on that filesystem to cause the file to stick
> around after its original name is unlinked.  That strikes me as a
> non-hazard.
> 
> Do you see potential damage from that, or do you see some additional
> threat?

Requires extra care to prevent things like this:

ln /etc/motd /var/mail/mouse
echo hello world | mail.local mouse

It's surprising to me that you can modify a file -- changing its link
count, even if you don't consider creating another (non-symbolic)
directory link pointing to it to be modifying it -- that you don't own
and don't have write access to.  Things that are surprising like that
are likely sources of security issues.

What's a _legitimate_ use case for this that can't be done with
symlinks?
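
One form the "extra care" mentioned above can take in a privileged delivery agent, as an added example (not code from this thread and not mail.local's own source): open the mailbox first, then refuse it unless the open descriptor is a regular file with a single link owned by the recipient. The names open_mailbox_checked and demo and the scratch paths are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a mailbox for append only if it is a regular file with exactly one
 * link, owned by `owner`. Returns an fd, or -1 on refusal. fstat() on the
 * open descriptor describes the inode that will actually be written, so the
 * name cannot be swapped between the check and the write. */
int open_mailbox_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW rejects a symlink as the last path component;
     * O_NONBLOCK keeps a FIFO from hanging the open. */
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo in a scratch directory: a file with one name is accepted;
 * once a second name is linked to it, both names are refused.
 * Returns 0 if all three outcomes hold, 1 if not, -1 on setup failure. */
int demo(void)
{
    char dir[] = "/tmp/hlchk.XXXXXX", target[64], mbox[64];
    int fd, ok;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(mbox, sizeof mbox, "%s/mailbox", dir);
    if ((fd = open(target, O_CREAT | O_EXCL | O_WRONLY, 0600)) < 0)
        return -1;
    close(fd);
    fd = open_mailbox_checked(target, geteuid());
    ok = fd >= 0;
    if (fd >= 0)
        close(fd);
    if (link(target, mbox) != 0)        /* same effect as: ln target mailbox */
        return -1;
    ok = ok && open_mailbox_checked(mbox, geteuid()) < 0;
    ok = ok && open_mailbox_checked(target, geteuid()) < 0;
    unlink(mbox); unlink(target); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

In the demo the owner check passes for both names, so the refusal comes from st_nlink alone; against a link to a root-owned file the owner check would refuse it as well.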

