Re: Directory/File Access Permissions for COPY and Generic File Access Functions

Robert Haas wrote:
> On Wed, Oct 29, 2014 at 10:52 AM, Andres Freund <andres@2ndquadrant.com> wrote:
> >> The larger point though is that this is just one of innumerable attack
> >> routes for anyone with the ability to make the server do filesystem reads
> >> or writes of his choosing.  If you think that's something you can safely
> >> give to people you don't trust enough to make them superusers, you are
> >> wrong, and I don't particularly want to spend the next ten years trying
> >> to wrap band-aids around your misjudgment.
> >
> > ... but that doesn't necessarily address this point.
> 
> I think the question is "just how innumerable are those attack
> routes"?  So, we can prevent a symlink from being used via O_NOFOLLOW.
> But what about hard links?

Users cannot create a hard link to a file they can't already access.

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services