* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> This points up the fact that platform-specific security holes are likely
> to be a huge part of the problem. I won't even speculate about our odds
> of building something that's secure on Windows.
Andres' suggestion to only provide it on platforms which support
O_NOFOLLOW and O_EXCL certainly seems appropriate, along with fstat'ing
after we've opened it and checking that there's only one hard-link to
it. As for Windows, it looks like you can get a file's attributes after
opening it by using GetFileInformationByHandle and you can then check if
it's a junction point or not (which would indicate if it's either a
symbolic link or a hard link, from what I can see). Obviously, we'd
need to get input from someone more familiar with Windows than I am
before we can be confident of this approach though.
Thanks!
Stephen