Re: Directory/File Access Permissions for COPY and Generic File Access Functions

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > * Alvaro Herrera (alvherre@2ndquadrant.com) wrote:
> >> Users cannot create a hard link to a file they can't already access.
>
> > The specifics actually depend on (on Linux, at least) the value of
> > /proc/sys/fs/protected_hardlink, which has existed in upstream since 3.6
> > (not sure about the RHEL kernels, though I expect they've incorporated
> > it also at some point along the way).
>
> No such file in RHEL 6.6 :-(.

Ouch.  Although- have you tested when happens there?  I wonder if
they've decided it's not worth allowing ever or if they feel that it's
not worth preventing and that security-concious software should check
the link count as Andres suggests.

> What the POSIX spec for link(2) says is
>
> [EACCES]
>   A component of either path prefix denies search permission, or the
>   requested link requires writing in a directory that denies write
>   permission, or the calling process does not have permission to access
>   the existing file and this is required by the implementation.

Yeah, I didn't mean to imply that this was provided by POSIX and you're
right to point out that we couldn't depend on this as it wouldn't be
cross-platform anyway.
Thanks,
    Stephen