Andres Freund <andres@2ndquadrant.com> writes:
> On 2013-09-08 20:00:58 +0200, Daniel V�rit� wrote:
>> Or is there a simpler way to deal with the above case?
> One would be to use open(O_NOFOLLOW)?
That would only stop symlink attacks, not hardlink variants;
and it'd probably stop some legitimate use-cases too.
> But more generally I am of the opinion that it's the superusers
> responsibility to make sure that cannot happen by only using properly
> secured files.
Yeah. ISTM that any restriction we could add that would prevent this
would present a serious obstacle to many legitimate use-cases as well.
It might be reasonable to document the scenario Daniel describes,
though.
regards, tom lane