by tadfisher 978 days ago
Researching this, found [1]:

> POSIX guarantees that hard links can exist. It follows that, on POSIX systems without any non-standard protections, it's unsafe for anyone (but in particular, root) to do anything sensitive in a directory that is writable by another user. Cross-platform programs designed to do so are simply flawed.

I feel like something had to have been lost in translation from Unix to POSIX here. In the original implementation, were users able to hardlink (well, "link") files owned by others? If so, this is a foundational flaw that should probably be fixed across the board with something similar to Linux's non-standard sysctl option.

[1]: http://michael.orlitzky.com/articles/posix_hardlink_heartach...


Yes, normally you could hard link any file if you can read a directory that references it, and if there is a directory you have write access to on the same volume. The hard link doesn't change the permissions of the file.

Hard links are particularly useful for having multiple copies of a directory tree without consuming space for the files. E.g. to create an overlay of a build tree, with your changes on top. Unfortunately CoW file systems still have many issues that make this difficult.

A link is just a directory entry. If you can write to the directory, you can create entries in it. And back in olden times, mkdir was setuid because it wasn't a syscall.
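An added example, not from any commenter in this thread, that shows the two points made above in Python: a hard link is only another directory entry for the same inode (mode, owner and link count are the original file's), and so the precondition for doing sensitive work in a directory is that no other user can write to it. It assumes the Linux procfs path for the non-standard protected_hardlinks sysctl mentioned in the top comment; all files are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def hardlink_protection_enabled():
    """Read Linux's non-standard fs.protected_hardlinks sysctl (procfs path
    assumed). True/False when present, None on kernels without the knob."""
    try:
        with open("/proc/sys/fs/protected_hardlinks") as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


def is_safe_work_dir(path):
    """Precondition for doing anything sensitive in `path`: refuse symlinks,
    directories owned by a third party, and any group- or world-writable
    directory (sticky only blocks unlinking, not adding a foreign link)."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid not in (os.geteuid(), 0):
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def link_shares_inode(src, link_name):
    """Hard-link src and report what the new entry shares: it is another
    name for the same inode, so mode, owner and nlink are untouched."""
    os.link(src, link_name)
    a, b = os.stat(src), os.stat(link_name)
    return {
        "same_inode": (a.st_dev, a.st_ino) == (b.st_dev, b.st_ino),
        "same_mode": stat.S_IMODE(a.st_mode) == stat.S_IMODE(b.st_mode),
        "same_owner": a.st_uid == b.st_uid,
        "nlink": b.st_nlink,
    }


def demo():
    """Constructed scenario: a private work dir (mkdtemp gives 0700) next
    to a /tmp-like sticky, world-writable one."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "secret.txt")
        with open(src, "w") as fh:
            fh.write("constructed sample\n")
        info = link_shares_inode(src, os.path.join(d, "alias.txt"))
        shared = os.path.join(d, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)  # sticky + world-writable, like /tmp
        return is_safe_work_dir(d), is_safe_work_dir(shared), info
```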