From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Directory/File Access Permissions for COPY and Generic File Access Functions |
Date: | 2014-10-29 16:07:29 |
Message-ID: | 20141029160729.GC17724@awork2.anarazel.de |
Lists: | pgsql-hackers |
On 2014-10-29 12:03:54 -0400, Robert Haas wrote:
> >> And it
> >> still doesn't protect against the case where you hardlink to a file
> >> and then the permissions on that file are later changed.
> >
> > Imo that's simply not a problem that we need to solve - it's much more
> > general and independent.
>
> I don't see how you can draw an arbitrary line there. We either
> guarantee that the logged-in user can't usurp the server's
> permissions, or we don't. Making it happen only sometimes in cases
> we're prepared to dismiss is not real security.

I can draw the line because lowering the permissions of some file isn't
postgres' problem. If you do that, you better make sure that there are no
existing hardlinks pointing to the precious file. And that has nothing
to do with postgres.

But anyway, just refusing to work on hardlinked files would also get rid
of that problem.

Greetings,

Andres Freund

--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
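
The check suggested at the end of the message above (refusing to work on hardlinked files), written in C as an added example; it is not code from the message or from PostgreSQL. `open_single_link()` and `refuse()` are hypothetical helpers, and refusing symlinks and non-regular files as well is an assumption of this example.

```c
/* Added example (not PostgreSQL source); open_single_link() is hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static int refuse(int fd, int err)
{
    close(fd);          /* may clobber errno, so set it afterwards */
    errno = err;
    return -1;
}

/*
 * Open path read-only, refusing anything but a regular file with exactly one
 * directory entry. Returns an fd, or -1 with errno set (EMLINK if hardlinked).
 */
int open_single_link(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: assumption of this example, symlinks are refused too.
     * O_NONBLOCK: do not hang in open() if path names a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor so the check covers the inode actually opened. */
    if (fstat(fd, &st) != 0)
        return refuse(fd, errno);
    if (!S_ISREG(st.st_mode))
        return refuse(fd, EINVAL);
    if (st.st_nlink != 1)
        return refuse(fd, EMLINK);
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) return 2;    /* usage: prog FILE */
    int fd = open_single_link(argv[1]);
    if (fd < 0)
        perror(argv[1]);
    else
        close(fd);
    return fd < 0;
}
```

`st_nlink` is a point-in-time value sampled at `fstat()`; it says nothing about names added or removed afterwards.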