Re: Directory/File Access Permissions for COPY and Generic File Access Functions

On 2014-10-29 12:09:00 -0400, Tom Lane wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > * Robert Haas (robertmhaas@gmail.com) wrote:
> >> I think the question is "just how innumerable are those attack
> >> routes"?  So, we can prevent a symlink from being used via O_NOFOLLOW.
> >> But what about hard links?
> 
> > You can't hard link to files you don't own.
> 
> That restriction exists on only some platforms.

Yea, it's nothing we can rely on. I do think checking the link count to
be 1 is safe though.

> Current OS X for instance
> seems perfectly willing to allow it (suggesting that most BSDen probably
> do likewise), and I see no language supporting your claim in the POSIX
> spec for link(2).

I'd argue that there's no point in treating OSX as a securable platform
:P

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services