Re: Directory/File Access Permissions for COPY and Generic File Access Functions

On Wed, Oct 29, 2014 at 12:00 PM, Andres Freund <andres@2ndquadrant.com> wrote:
> It's possible to do this securely by doing a fstat() and checking the
> link count.

Good point.

>> And it
>> still doesn't protect against the case where you hardlink to a file
>> and then the permissions on that file are later changed.
>
> Imo that's simply not a problem that we need to solve - it's much more
> general and independent.

I don't see how you can draw an arbitrary line there.  We either
guarantee that the logged-in user can't usurp the server's
permissions, or we don't.  Making it happen only sometimes in cases
we're prepared to dismiss is not real security.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company