Robert Haas wrote: > On Wed, Oct 29, 2014 at 10:52 AM, Andres Freund <and...@2ndquadrant.com> > wrote: > >> The larger point though is that this is just one of innumerable attack > >> routes for anyone with the ability to make the server do filesystem reads > >> or writes of his choosing. If you think that's something you can safely > >> give to people you don't trust enough to make them superusers, you are > >> wrong, and I don't particularly want to spend the next ten years trying > >> to wrap band-aids around your misjudgment. > > > > ... but that doesn't necessarily address this point. > > I think the question is "just how innumerable are those attack > routes"? So, we can prevent a symlink from being used via O_NOFOLLOW. > But what about hard links?
Users cannot create a hard link to a file they can't already access. -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
