Re: Directory/File Access Permissions for COPY and Generic File Access Functions
From | Tom Lane |
---|---|
Subject | Re: Directory/File Access Permissions for COPY and Generic File Access Functions |
Date | |
Msg-id | 25457.1414598940@sss.pgh.pa.us |
In response to | Re: Directory/File Access Permissions for COPY and Generic File Access Functions (Stephen Frost <sfrost@snowman.net>) |
Responses |
Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Re: Directory/File Access Permissions for COPY and Generic File Access Functions |
List | pgsql-hackers |
Stephen Frost <sfrost@snowman.net> writes:
> * Robert Haas (robertmhaas@gmail.com) wrote:
>> I think the question is "just how innumerable are those attack
>> routes"? So, we can prevent a symlink from being used via O_NOFOLLOW.
>> But what about hard links?

> You can't hard link to files you don't own.

That restriction exists on only some platforms. Current OS X for instance
seems perfectly willing to allow it (suggesting that most BSDen probably
do likewise), and I see no language supporting your claim in the POSIX
spec for link(2).

This points up the fact that platform-specific security holes are likely
to be a huge part of the problem. I won't even speculate about our odds
of building something that's secure on Windows.

regards, tom lane
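The distinction raised in this message, as an added example that is not part of the original e-mail and is not PostgreSQL code: `O_NOFOLLOW` refuses a symlink in the final path component but opens a hard link like any other name, so a caller that wants to refuse multiply-linked files has to check `st_nlink` on the opened descriptor itself. The helper name `open_single_link` and the temporary file names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not PostgreSQL code): open read-only, refusing a
 * symlink as the final component, any non-regular file, and any file that
 * has more than one directory entry (i.e. a hard link to it exists). */
int open_single_link(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK); /* don't block on FIFOs */
    if (fd < 0) return -1;              /* symlink or other open failure */
    /* fstat the descriptor, not the path, so the check cannot be raced */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EMLINK;                 /* refused by this helper's policy */
        return -1;
    }
    return fd;
}

/* Builds a constructed sample tree in a temp dir. Returns a bitmask:
 * 1 = O_NOFOLLOW alone rejected the symlink, 2 = O_NOFOLLOW alone accepted
 * the hard link (the gap), 4 = open_single_link rejected the hard link. */
int demo(void)
{
    char dir[] = "/tmp/nlinkdemoXXXXXX", t[64], s[64], h[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(t, sizeof t, "%s/target", dir);
    snprintf(s, sizeof s, "%s/sym", dir);
    snprintf(h, sizeof h, "%s/hard", dir);
    fd = open(t, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(t, s) != 0 || link(t, h) != 0) return -1;
    close(fd);
    fd = open(s, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) result |= 1; else close(fd);
    fd = open(h, O_RDONLY | O_NOFOLLOW);
    if (fd >= 0) { result |= 2; close(fd); }
    fd = open_single_link(h);
    if (fd < 0 && errno == EMLINK) result |= 4; else if (fd >= 0) close(fd);
    unlink(s); unlink(h); unlink(t); rmdir(dir);
    return result;
}
int main(void) { printf("result mask: %d\n", demo()); return 0; }
```

The `st_nlink` check also refuses legitimately hard-linked files, so it is a policy choice rather than a complete answer to the platform differences the message describes.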