Re: file_fdw target file ownership

Andres Freund <andres@2ndquadrant.com> writes:
> On 2013-09-08 20:00:58 +0200, Daniel V�rit� wrote:
>> Or is there a simpler way to deal with the above case?

> One would be to use open(O_NOFOLLOW)?

That would only stop symlink attacks, not hardlink variants;
and it'd probably stop some legitimate use-cases too.

> But more generally I am of the opinion that it's the superusers
> responsibility to make sure that cannot happen by only using properly
> secured files.

Yeah.  ISTM that any restriction we could add that would prevent this
would present a serious obstacle to many legitimate use-cases as well.

It might be reasonable to document the scenario Daniel describes,
though.
        regards, tom lane