Linux does (since version 3.6) have the ability to prevent users from creating hardlinks to files they don't own. (See man 5 proc under "/proc/sys/fs/protected_hardlinks".) I think FreeBSD has a similar sysctl option.
The linked article does mention it but warns "If you're not using systemd, the vanilla Linux kernel does not enable these protections by default".
>Couldn’t they introduce the same security feature mentioned for symlinks?
"The tmpfiles.d specification for the Z type more or less implies some kind of recursive chown. The spec heads off one type of vulnerability by saying that symlinks should not be followed; however, hard links are still a problem"
>As in, make it so by default you can’t create a hard link to a file you don’t already have write access to?
From the CVE: "when the fs.protected_hardlinks sysctl is turned off"
A description of that: "When set to “1” hardlinks cannot be created by users if they do not already own the source file, or do not have read/write access to it."
.. which apparently now won't work under systemd either!
IMO, he was wrong on this; it should have been enabled by default, and then the people who need that exceptionally rare legacy stuff can disable it with the same techniques (/proc, initrd) that he is currently suggesting to enable it.
As in, make it so by default you can’t create a hard link to a file you don’t already have write access to?
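The fs.protected_hardlinks rule quoted in the thread above, modelled as an added example (not code from the article, the CVE, or the kernel). It goes beyond the one-sentence description by including the regular-file and set-user-ID/set-group-ID conditions listed in proc(5); the function names and sample files are hypothetical, and the access check uses mode bits only.

```python
import stat

SYSCTL_PATH = "/proc/sys/fs/protected_hardlinks"


def read_protected_hardlinks(path=SYSCTL_PATH):
    """Return the sysctl value (0 or 1), or None if it cannot be read."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def has_read_write(mode, file_uid, file_gid, uid, gids):
    """Mode-bit check for read+write; ACLs and LSMs are ignored (simplification)."""
    if uid == file_uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif file_gid in gids:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    return (mode & need) == need


def hardlink_allowed(protected, mode, file_uid, file_gid, uid, gids, cap_fowner=False):
    """Would link(2) on this source file pass the protected_hardlinks check?"""
    if not protected:
        return True                      # sysctl off: no extra restriction
    if uid == file_uid or cap_fowner:
        return True                      # owner of the file, or CAP_FOWNER
    if not stat.S_ISREG(mode):
        return False                     # special files are never a safe source
    if mode & stat.S_ISUID:
        return False                     # set-user-ID file
    if (mode & stat.S_ISGID) and (mode & stat.S_IXGRP):
        return False                     # set-group-ID and group-executable
    return has_read_write(mode, file_uid, file_gid, uid, gids)


# Constructed samples: (label, mode, owner uid, owner gid)
SAMPLES = [
    ("root 0640 secret", 0o100640, 0, 42),
    ("root 0666 scratch", 0o100666, 0, 0),
    ("root 4777 setuid", 0o104777, 0, 0),
]

if __name__ == "__main__":
    print("fs.protected_hardlinks =", read_protected_hardlinks())
    for label, mode, fuid, fgid in SAMPLES:
        for prot in (0, 1):
            ok = hardlink_allowed(prot, mode, fuid, fgid, uid=1000, gids={1000})
            print(f"{label:20} protected={prot} -> {'allowed' if ok else 'EPERM'}")
```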