Quick Links

Re: Directory/File Access Permissions for COPY and Generic File Access Functions

From:	Robert Haas <robertmhaas(at)gmail(dot)com>
To:	Stephen Frost <sfrost(at)snowman(dot)net>
Cc:	Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Andres Freund <andres(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Date:	2014-10-29 15:52:43
Message-ID:	CA+Tgmoa8KrphYHi7Cpp9r0hrSYuFQtUJ8T-4yD6b12gXD2+qQA@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Wed, Oct 29, 2014 at 11:34 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> The specifics actually depend on (on Linux, at least) the value of
> /proc/sys/fs/protected_hardlink, which has existed in upstream since 3.6
> (not sure about the RHEL kernels, though I expect they've incorporated
> it also at some point along the way).
>
> There is a similar /proc/sys/fs/protected_symlinks control for dealing
> with the same kind of time-of-check / time-of-use issues that exist with
> symlinks.
>
> At least on my Ubuntu 14.04 systems, these are both set to '1'.

Playing devil's advocate here for a minute, you're saying that
new-enough versions of Linux have an optional feature that prevents
this attack. I think an argument could be made that this is basically
unsecurable on any other platform, or even old Linux versions. And it
still doesn't protect against the case where you hardlink to a file
and then the permissions on that file are later changed.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Re: Directory/File Access Permissions for COPY and Generic File Access Functions at 2014-10-29 15:34:58 from Stephen Frost

Responses

Re: Directory/File Access Permissions for COPY and Generic File Access Functions at 2014-10-29 16:00:59 from Andres Freund
Re: Directory/File Access Permissions for COPY and Generic File Access Functions at 2014-10-29 21:22:22 from Greg Stark

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Andres Freund	2014-10-29 16:00:59	Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Previous Message	Robert Haas	2014-10-29 15:43:37	Re: group locking: incomplete patch, just for discussion