Heikki Linnakangas wrote: > KaiGai Kohei wrote: >> As I promised last week, SE-PostgreSQL patches are revised here: > > There's checks for reading/writing files with COPY, in > sepgsqlCheckFileRead sepgsqlCheckFileWrite). Doesn't the OS do similar > checks when the process tries to invoke the read()/write()? Is that not > enough?
Please note that who invokes read()/write() system calls. In this case, PostgreSQL server process invokes these system calls instead of the client process. So, operating system need to allow the PostgreSQL server process to invoke these system calls on the target files of COPY TO/FROM. In addition, SE-PostgreSQL also checks read/write permission of client process for these files. Why it is possible is client's privileges are represented in same form of operating system. Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
