Hard-link creation - Permissions?
To create the hard-link
alice will need
write+execute permissions on
target-dir on all cases. The permissions needed on
target.txt will vary:
fs.protected_hardlinks = 1then
aliceneeds either ownership of
target.txtor at least
read+writepermissions on it.
fs.protected_hardlinks = 0then any set of permissions will do; Even 000 is okay.
This answer to a similar question had the missing piece of information to answer this question.
From http://kernel.opensuse.org/cgit/kernel/commit/?id=800179c9b8a1 [emphasis mine]:
On systems that have user-writable directories on the same partition as system files, a long-standing class of security issues is the hardlink-based time-of-check-time-of-use race, most commonly seen in world-writable directories like /tmp. The common method of exploitation of this flaw is to cross privilege boundaries when following a given hardlink (i.e. a root process follows a hardlink created by another user). Additionally, an issue exists where users can "pin" a potentially vulnerable setuid/setgid file so that an administrator will not actually upgrade a system fully.
The solution is to permit hardlinks to only be created when the user is already the existing file's owner, or if they already have read/write access to the existing file.