This is a false statement, unless I'm missing something subtle.
# mkdir tmp; chmod 777 tmp; chmod +t tmp; cd tmp
# ln -s /etc/shadow rootapprovedlink
$ ln rootapprovedlink omghax
# echo hello > omghax
The symlink hardlinked can be anywhere on the same partition on /tmp, so it's somewhat mitigated if /tmp is its own filesystem. (note the third step is performed by a non-root user).
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds