Posix hardlink heartache

103 points by cristoperb, almost 4 years ago

10 comments

wmanley, almost 4 years ago
See also: Ghosts of Unix past, part 4: High-maintenance designs: https://lwn.net/Articles/416494/

> While hard links are certainly a lesser evil than setuid, and there is little motivation to rid ourselves of them, they do serve to illustrate how a seemingly clever and useful design can have a range of side effects which can weigh heavily against the value that the design tries to bring.
bodhiandphysics, almost 4 years ago
This seems to me to be a bit of throwing out the baby with the bathwater... the problem isn’t links but rather setuid programs changing file permissions in user writable directories!
eqvinox, almost 4 years ago
I don't see how the security issues described in this article are really tied to hardlinks. If root is doing chmod/chown in a directory that is writable by untrusted users, the same untrusted users can also just remove or rename files. Is there any example that demonstrates an exploit specifically relying on hardlinks?
tedunangst, almost 4 years ago
The usual defense is to keep user writable spaces on separate mount points, where in theory they may be able to link with each others' files, but not anything important. And then be mindful about whatever dumb script you run that mucks with permissions.
deckard1, almost 4 years ago
I'd be curious to know what use case people have today for hardlinks, ever since symlinks became a thing.

I've been using Linux for more than 20 years and the only case I've found is for rsync incremental backups (--link-dest option), which is great for doing backups to an external USB hard drive and saving space. But that's rather niche.
admax88q, almost 4 years ago
Does multi user posix really get much use still? And should it? The model is how old now and we're still finding vulnerabilities more or less by design. Computers are so cheap that almost everyone has one in their pocket, and most in the first world own 2-3. Multi user operating systems just don't seem relevant anymore.
bloak, almost 4 years ago
So, which systems allow hard links to directories?
tryauuum, almost 4 years ago
good news is that fs.protected_hardlinks is enabled on debian and ubuntu
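Added example, not part of any comment in this thread: a small audit for the two defenses mentioned above (tedunangst's separate mount points and the fs.protected_hardlinks sysctl). The function names, the sample mount table and the directory lists are assumptions constructed for illustration, and paths are assumed to be already resolved (no symlinks).

```python
import posixpath

# Constructed sample of /proc/mounts (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
"""

def parse_mount_points(mounts_text):
    """Return the mount points listed in /proc/mounts-style text."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            # The kernel escapes spaces in mount points as \040.
            points.append(fields[1].replace("\\040", " "))
    return points

def mount_point_for(path, mount_points):
    """Longest mount point that is a path-component prefix of `path`."""
    path = posixpath.normpath(path)
    best = "/"
    for mp in mount_points:
        prefix = mp.rstrip("/") + "/"
        if (path == mp or path.startswith(prefix)) and len(mp) > len(best):
            best = mp
    return best

def hardlink_exposure(mounts_text, protected_hardlinks, writable_dirs, sensitive_dirs):
    """List (writable, sensitive, mount) triples that share one mount point.

    link(2) fails with EXDEV across mount points, so only same-mount pairs
    let a user-writable directory hold a hard link to a sensitive file.
    With fs.protected_hardlinks=1 the kernel additionally refuses links to
    files the caller neither owns nor can read and write.
    """
    mps = parse_mount_points(mounts_text)
    shared = [(w, s, mount_point_for(w, mps))
              for w in writable_dirs for s in sensitive_dirs
              if mount_point_for(w, mps) == mount_point_for(s, mps)]
    return {"sysctl_protects": protected_hardlinks.strip() == "1", "shared": shared}
```

On a live Linux host, pass the contents of /proc/mounts and /proc/sys/fs/protected_hardlinks instead of the constructed sample.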
jra_samba, almost 4 years ago
Not so much hardlinks, but symlinks are a blight on the POSIX filesystem design. They have caused endless pain and suffering and so many, many CVE's. They need to be eliminated.
lifeisstillgood, almost 4 years ago
I am trying to work out the level of (useless?/unnecessary?) churn in the world of startups / digital transformation / world.

So, yes the Internet is *great* - it connects what 5 billion adults now, and allows faster finding of the things you want etc. But there is soooo much ... of this stuff. I am guessing that "Digital marketing for the Rental market" means you have a house to let, and you want to list it with these people and their five competitors because you might miss out because who knows where one's audience really looks.

Now we could talk about disaggregation of AirBnB as a positive thing, but really - no, let's not.

What we can talk about is there is a bare minimum of cost / effort we can imagine here. Call it a Craigslist for the whole internet. Want to sell something - just find the right RDF tuple and list it. A search engine can find it and anyone searching for "house to rent in London" or "new pair trainers" will have a complete JSON list to walk through - sortable by price, location, availability etc etc.

Now this is not something I think *should* exist, but if it *did* it would still have a *cost* to operate. But we could measure the unnecessary *churn* by comparing the actual cost (in people, dollars, time etc) of things like RentPath to this bare minimum.

I expect there are Economics PhDs on this, but it struck me as interesting.