Yet another security note. Hardlinks.

Let’s imagine that you have a bunch of files (with the default mode “rw-r--r--”) and you have set up an automatic hardlink-based backup of them, or made one manually.
Then you move one of these files to a “secured” folder that has strict permissions (“drwx------”, for example).
Before adding confidential information to this file, it would be a good idea to change its permissions to something stricter. But it is not clear how important that is, because no one but the owner can access the file at “secured/file” while the “secured” folder has “drwx------” permissions.
Well… Let’s keep the old permissions if changing them is not necessary.
But what about the hardlink to the file that was saved in the usual folder? Oh yes, the file at “usual/file” can still be opened by everyone, because both names refer to the same inode and its mode is still “rw-r--r--”.
– You must remember all the hardlinks to your files when you think about security.
– Creating hardlinks by inode and opening files by inode are denied for security reasons.
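The scenario above, rebuilt in a scratch directory together with a check for it. This is an added example, not code from the original post; the `work` folder and the function names `risky_links`, `build_scenario` and `harden` are hypothetical, and the file contents are constructed samples.

```shell
#!/bin/sh
# Added example: audit a "secured" directory for files that still have
# other hardlinks and are readable by "other". All paths are constructed.

# List regular files under $1 with link count > 1 and the other-read bit set.
risky_links() {
    find "$1" -type f -links +1 -perm -004
}

# Rebuild the scenario from the post in a scratch directory; print its path.
build_scenario() {
    root=$(mktemp -d) || return 1
    mkdir "$root/work" "$root/usual" "$root/secured"
    chmod 700 "$root/secured"                  # drwx------
    echo "draft" > "$root/work/file"
    chmod 644 "$root/work/file"                # rw-r--r--
    ln "$root/work/file" "$root/usual/file"    # hardlink-based backup
    mv "$root/work/file" "$root/secured/file"  # same inode, new name
    echo "$root"
}

# Tighten the mode. The mode is stored on the inode, so the change
# applies to every hardlink name at once, including usual/file.
harden() {
    chmod 600 "$1"
}

root=$(build_scenario)
echo "before: $(risky_links "$root/secured")"
harden "$root/secured/file"
echo "after:  $(risky_links "$root/secured")"
rm -rf "$root"
```

Running `risky_links` over a protected folder before putting confidential data into it shows which files are still reachable under another name with loose permissions.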

Yuriy Nazarov