On 2014-10-29 11:52:43 -0400, Robert Haas wrote: > On Wed, Oct 29, 2014 at 11:34 AM, Stephen Frost <sfr...@snowman.net> wrote: > > The specifics actually depend on (on Linux, at least) the value of > > /proc/sys/fs/protected_hardlink, which has existed in upstream since 3.6 > > (not sure about the RHEL kernels, though I expect they've incorporated > > it also at some point along the way). > > > > There is a similar /proc/sys/fs/protected_symlinks control for dealing > > with the same kind of time-of-check / time-of-use issues that exist with > > symlinks. > > > > At least on my Ubuntu 14.04 systems, these are both set to '1'. > > Playing devil's advocate here for a minute, you're saying that > new-enough versions of Linux have an optional feature that prevents > this attack. I think an argument could be made that this is basically > unsecurable on any other platform, or even old Linux versions.
It's possible to do this securely by doing a fstat() and checking the link count. > And it > still doesn't protect against the case where you hardlink to a file > and then the permissions on that file are later changed. Imo that's simply not a problem that we need to solve - it's much more general and independent. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
