Should OpenSSH relinquish file_link_any privilege?
Trying to do an sftp "rename toto titi" fails with a permission denied when the owner of the file is not the connected user (even though the file is writeable by anyone, as well as its containing directory).
Tracing sshd with truss shows the offending system call: link(".../toto", ".../titi") Err#1 EPERM [file_link_any]
This only happens when the client does not support the [email protected]; otherwise a rename is done instead of a pair of link/unlink.
Test client: Sun_SSH_1.5, SSH protocols 1.5/2.0, OpenSSL 0x1000107f from omnios-6de5e81
Test server: OpenSSH_7.1p2, OpenSSL 1.0.1p 9 Jul 2015 from http://pkgsrc.joyent.com/packages/SmartOS/2015Q4/x86_64/All
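The two rename strategies the report contrasts, as an added example that is not part of the original post and is not OpenSSH source: the link/unlink pair, whose link() call is the one that needs file_link_any for a file owned by someone else, and a plain rename(2). The function names and the scratch paths are hypothetical.

```c
#define _XOPEN_SOURCE 700          /* for mkdtemp() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* link() the new name, then unlink() the old one. Never replaces an
 * existing target, but link() must be allowed to hard-link the file;
 * the truss line shows it failing with EPERM [file_link_any].
 * Returns 0 or the errno of the failing call. */
int rename_via_link(const char *oldpath, const char *newpath)
{
    if (link(oldpath, newpath) == -1)
        return errno;
    if (unlink(oldpath) == -1) {
        int saved = errno;
        unlink(newpath);           /* roll back: keep a single name */
        return saved;
    }
    return 0;
}

/* rename(2) creates no hard link and replaces an existing target.
 * Returns 0 or errno. */
int rename_posix(const char *oldpath, const char *newpath)
{
    return rename(oldpath, newpath) == -1 ? errno : 0;
}

/* Demo helpers: private scratch directory and a small file. */
int enter_scratch_dir(void)
{
    char dir[] = "/tmp/sftp-rename-XXXXXX";
    return (mkdtemp(dir) != NULL && chdir(dir) == 0) ? 0 : -1;
}

int make_file(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs(text, f);
    return fclose(f);
}

int main(void)
{
    if (enter_scratch_dir() || make_file("toto", "a") || make_file("titi", "b"))
        return 1;
    printf("link/unlink: %s\n", strerror(rename_via_link("toto", "titi")));
    printf("rename: %s\n", strerror(rename_posix("toto", "titi")));
    return 0;
}
```

Run as the file's owner, the link/unlink call only refuses to overwrite the existing titi; the EPERM from the report needs a file owned by another user and a process without file_link_any.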
+1
Looks like this is unconditionally hardcoded upstream via platform_pledge_sftp_server: https://github.com/openssh/openssh-portable/commit/4626cbaf78767fc8e9c86dd04785386c59ae0839