Re: Directory/File Access Permissions for COPY and Generic File Access Functions

Поиск
Список
Период
Сортировка
От Robert Haas
Тема Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Дата
Msg-id CA+TgmoZo+3dOL5f6_jX_6rRhF8a59TkREV_sV8kh4D4r+8NO6g@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Directory/File Access Permissions for COPY and Generic File Access Functions  (Andres Freund <andres@2ndquadrant.com>)
Ответы Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Список pgsql-hackers
Дерево обсуждения 
On Wed, Oct 29, 2014 at 12:00 PM, Andres Freund <andres@2ndquadrant.com> wrote:
> It's possible to do this securely by doing a fstat() and checking the
> link count.

Good point.

>> And it
>> still doesn't protect against the case where you hardlink to a file
>> and then the permissions on that file are later changed.
>
> Imo that's simply not a problem that we need to solve - it's much more
> general and independent.

I don't see how you can draw an arbitrary line there.  We either
guarantee that the logged-in user can't usurp the server's
permissions, or we don't.  Making it happen only sometimes in cases
we're prepared to dismiss is not real security.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Andres Freund
Дата:
Сообщение: Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Следующее
От: Andres Freund
Дата:
Сообщение: Re: Directory/File Access Permissions for COPY and Generic File Access Functions