Re: Directory/File Access Permissions for COPY and Generic File Access Functions

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Alvaro Herrera (alvherre(at)2ndquadrant(dot)com) wrote:
> >> Users cannot create a hard link to a file they can't already access.
>
> > The specifics actually depend on (on Linux, at least) the value of
> > /proc/sys/fs/protected_hardlink, which has existed in upstream since 3.6
> > (not sure about the RHEL kernels, though I expect they've incorporated
> > it also at some point along the way).
>
> No such file in RHEL 6.6 :-(.

Ouch. Although- have you tested when happens there? I wonder if
they've decided it's not worth allowing ever or if they feel that it's
not worth preventing and that security-concious software should check
the link count as Andres suggests.

> What the POSIX spec for link(2) says is
>
> [EACCES]
> A component of either path prefix denies search permission, or the
> requested link requires writing in a directory that denies write
> permission, or the calling process does not have permission to access
> the existing file and this is required by the implementation.

Yeah, I didn't mean to imply that this was provided by POSIX and you're
right to point out that we couldn't depend on this as it wouldn't be
cross-platform anyway.

Thanks,

Stephen