Hard links

Evan Jeffrey (ejeffrey@eliot82.wustl.edu)
Thu, 19 Dec 1996 14:55:55 -0600


I wonder if people would stop talking about security and hard links if there
were a patch. Here it is. It adds an option "safehlink" to mount for ext2
filesystems. If mounted with this option, only the owner of the original
file or the superuser will be able to create hard links. I recall that
originally someone wanted to prevent this only if the target were in a
sticky bit directory, but I think this A) limits generality (for quota
systems) and B) is useless: if I can create a link in my home dir, I can
move it into /tmp anyway, even if it isn't mine, just as I can delete it.

Evan Jeffrey
ejeffrey@eliot82.wustl.edu

--- include/linux/ext2_fs.h.orig Wed Dec 18 15:59:50 1996
+++ include/linux/ext2_fs.h Wed Dec 18 00:26:59 1996
@@ -297,4 +297,5 @@
#define EXT2_MOUNT_ERRORS_PANIC 0x0040 /* Panic on errors */
#define EXT2_MOUNT_MINIX_DF 0x0080 /* Mimics the Minix statfs */
+#define EXT2_MOUNT_SAFE_HLINK 0x0100 /* Only owner or root can create hard links */

#define clear_opt(o, opt) o &= ~EXT2_MOUNT_##opt
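
Review bot: The comment on EXT2_MOUNT_SAFE_HLINK says "Only owner or root can create hard links", but it does not say which credential is compared, and nothing visible in the patch documents the new "safehlink" mount option for administrators. Please state in the comment that the owner of the link target is meant (the namei.c hunk compares against oldinode->i_uid), and add a short description of the option wherever the other ext2 mount options are documented.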
--- fs/ext2/namei.c.orig Wed Dec 18 15:58:48 1996
+++ fs/ext2/namei.c Wed Dec 18 15:43:21 1996
@@ -866,4 +866,9 @@
return -EPERM;
}
+ if (test_opt(oldinode->i_sb, SAFE_HLINK) && current->euid && current->euid != oldinode->i_uid) {
+ iput (oldinode);
+ iput (dir);
+ return -EPERM;
+ }
if (oldinode->i_nlink >= EXT2_LINK_MAX) {
iput (oldinode);
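
Review bot: The new test in ext2_link compares current->euid against oldinode->i_uid and treats euid 0 as the superuser, where a filesystem permission check would normally use the filesystem uid. A process that has changed only its fsuid (a file server acting on behalf of a user, for example) would be judged by the wrong identity here. Consider testing current->fsuid and the kernel's filesystem superuser helper instead of the bare "current->euid &&" test. The condition is also long enough that it would read better split across two lines, and a one-line comment saying why the link is refused would help, since the same -EPERM is returned by the check just above it.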
--- fs/ext2/super.c.orig Wed Dec 18 15:59:19 1996
+++ fs/ext2/super.c Wed Dec 18 00:56:07 1996
@@ -265,4 +265,6 @@
|| !strcmp (this_char, "usrquota"))
/* Don't do anything ;-) */ ;
+ else if (!strcmp (this_char, "safehlink"))
+ set_opt (*mount_options, SAFE_HLINK);
else {
printk ("EXT2-fs: Unrecognized mount option %s\n", this_char);
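
Review bot: The "safehlink" branch only ever calls set_opt, and there is no counterpart option in the visible hunk that uses clear_opt to turn SAFE_HLINK off again. If an administrator needs to drop the restriction without editing the option list from scratch, a "nosafehlink" branch next to this one would make that explicit and would match the set/clear pair of macros the header provides.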