The long road to a fix for CVE-2021-20316
The long road to a fix for CVE-2021-20316
Posted Feb 23, 2022 19:37 UTC (Wed) by nybble41 (subscriber, #55106)In reply to: The long road to a fix for CVE-2021-20316 by anton
Parent article: The long road to a fix for CVE-2021-20316
> Given that ownership (and pretty much all other metadata) is stored with the inode, and a hard link is just another reference to the same inode, it's impossible to create a hard link with different ownership (or other metadata) than the original.
Yes, but you can create a hardlink to a file you don't own in a location which the owner of the hardlinked inode can't access. If they later lose their own path to the inode (by unlinking it, for example) then the inode continues to exist, because of the hardlink, and thus continues to count against their quota, but they have no way to remove it.