On 2014-10-29 12:09:00 -0400, Tom Lane wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > * Robert Haas (robertmhaas@gmail.com) wrote:
> >> I think the question is "just how innumerable are those attack
> >> routes"? So, we can prevent a symlink from being used via O_NOFOLLOW.
> >> But what about hard links?
>
> > You can't hard link to files you don't own.
>
> That restriction exists on only some platforms.
Yea, it's nothing we can rely on. I do think checking the link count to
be 1 is safe though.
> Current OS X for instance
> seems perfectly willing to allow it (suggesting that most BSDen probably
> do likewise), and I see no language supporting your claim in the POSIX
> spec for link(2).
I'd argue that there's no point in treating OSX as a securable platform
:P
Greetings,
Andres Freund
-- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services