From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)2ndquadrant(dot)com>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Directory/File Access Permissions for COPY and Generic File Access Functions |
Date: | 2014-10-29 16:31:16 |
Message-ID: | 26024.1414600276@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> No such file in RHEL 6.6 :-(.
> Ouch. Although- have you tested when happens there?
Pretty much exactly the same thing I just saw on OSX, ie, nothing.
[tgl(at)sss1 zzz]$ touch foo
[tgl(at)sss1 zzz]$ ls -l
total 0
-rw-rw-r--. 1 tgl tgl 0 Oct 29 12:23 foo
[tgl(at)sss1 zzz]$ ln foo bar
[tgl(at)sss1 zzz]$ ls -l
total 0
-rw-rw-r--. 2 tgl tgl 0 Oct 29 12:23 bar
-rw-rw-r--. 2 tgl tgl 0 Oct 29 12:23 foo
[tgl(at)sss1 zzz]$ chmod 000 foo
[tgl(at)sss1 zzz]$ sudo chown root foo
[tgl(at)sss1 zzz]$ ln foo baz
[tgl(at)sss1 zzz]$ ls -l
total 0
----------. 3 root tgl 0 Oct 29 12:23 bar
----------. 3 root tgl 0 Oct 29 12:23 baz
----------. 3 root tgl 0 Oct 29 12:23 foo
[tgl(at)sss1 zzz]$ uname -a
Linux sss1.sss.pgh.pa.us 2.6.32-504.el6.x86_64 #1 SMP Tue Sep 16 01:56:35 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
> I wonder if
> they've decided it's not worth allowing ever or if they feel that it's
> not worth preventing and that security-concious software should check
> the link count as Andres suggests.
Probably it's just that it's a new feature that they've not chosen to
back-port into 2.6.x kernels. I'm sure they're following the upstream
kernels in newer release series. But even if they had chosen to back-port
it, you can be entirely darn sure it wouldn't be turned on by default in
the RHEL6 series; they'd be too worried about breaking existing
applications.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Simon Riggs | 2014-10-29 16:33:57 | Re: group locking: incomplete patch, just for discussion |
Previous Message | Josh Berkus | 2014-10-29 16:23:42 | Re: Allow peer/ident to fall back to md5? |