| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)2ndquadrant(dot)com>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Directory/File Access Permissions for COPY and Generic File Access Functions |
| Date: | 2014-10-29 16:34:59 |
| Message-ID: | 20141029163459.GQ28859@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> This points up the fact that platform-specific security holes are likely
> to be a huge part of the problem. I won't even speculate about our odds
> of building something that's secure on Windows.
Andres' suggestion to only provide it on platforms which support
O_NOFOLLOW and O_EXCL certainly seems appropriate, along with fstat'ing
after we've opened it and checking that there's only one hard-link to
it. As for Windows, it looks like you can get a file's attributes after
opening it by using GetFileInformationByHandle and you can then check if
it's a junction point or not (which would indicate if it's either a
symbolic link or a hard link, from what I can see). Obviously, we'd
need to get input from someone more familiar with Windows than I am
before we can be confident of this approach though.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adam Brightwell | 2014-10-29 16:36:06 | Re: Directory/File Access Permissions for COPY and Generic File Access Functions |
| Previous Message | Simon Riggs | 2014-10-29 16:33:57 | Re: group locking: incomplete patch, just for discussion |