From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)2ndquadrant(dot)com>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Directory/File Access Permissions for COPY and Generic File Access Functions |
Date: | 2014-10-29 16:19:11 |
Message-ID: | 20141029161911.GP28859@tamriel.snowman.net |
Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Alvaro Herrera (alvherre(at)2ndquadrant(dot)com) wrote:
> >> Users cannot create a hard link to a file they can't already access.
>
> > The specifics actually depend on (on Linux, at least) the value of
> > /proc/sys/fs/protected_hardlink, which has existed in upstream since 3.6
> > (not sure about the RHEL kernels, though I expect they've incorporated
> > it also at some point along the way).
>
> No such file in RHEL 6.6 :-(.

Ouch. Although- have you tested what happens there? I wonder if
they've decided it's not worth allowing ever or if they feel that it's
not worth preventing and that security-conscious software should check
the link count as Andres suggests.

> What the POSIX spec for link(2) says is
>
> [EACCES]
> A component of either path prefix denies search permission, or the
> requested link requires writing in a directory that denies write
> permission, or the calling process does not have permission to access
> the existing file and this is required by the implementation.

Yeah, I didn't mean to imply that this was provided by POSIX and you're
right to point out that we couldn't depend on this as it wouldn't be
cross-platform anyway.

Thanks,

Stephen
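
The link-count check mentioned in the message above, sketched in C as an added example (not code from this thread or from PostgreSQL); `open_single_link` is a hypothetical helper name. It inspects the already-opened descriptor with fstat(), so the answer describes the inode that was actually opened and does not depend on the Linux-only kernel setting discussed above.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical helper: open `path` read-only and refuse it unless it is a
 * regular file with exactly one hard link. Returns an fd, or -1 with errno set
 * (ELOOP for a symlink, EINVAL for a non-regular file, EMLINK for extra links).
 */
int open_single_link(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW rejects a symlink as the last path component;
     * O_NONBLOCK keeps open() from hanging if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the check cannot be raced
     * by someone swapping the directory entry after open(). */
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) { close(fd); errno = EINVAL; return -1; }
    /* More than one name for this inode: it may also live in a directory
     * the caller was never meant to reach. */
    if (st.st_nlink != 1) { close(fd); errno = EMLINK; return -1; }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    int fd = open_single_link(argv[1]);
    if (fd < 0) { fprintf(stderr, "refused %s: %s\n", argv[1], strerror(errno)); return 1; }
    printf("%s: regular file with a single link (fd %d)\n", argv[1], fd);
    close(fd);
    return 0;
}
```

A check like this also rejects files that legitimately have several hard links, so it suits directories where that is not expected.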