* Andres Freund (and...@2ndquadrant.com) wrote:
> On 2014-10-29 12:03:54 -0400, Robert Haas wrote:
> > I don't see how you can draw an arbitrary line there. We either
> > guarantee that the logged-in user can't usurp the server's
> > permissions, or we don't. Making it happen only sometimes in cases
> > we're prepared to dismiss is not real security.
>
> I can draw the line because lowering the permissions of some file isn't
> postgres' problem. If you do that, you better make sure that there's no
> existing hardlinks pointing to the precious file. And that has nothing
> to do with postgres.
>
> But anyway, just refusing to work on hardlinked files would also get rid
> of that problem.
Right, I was just about to point out the same - the fstat/link-count approach addresses the issue also.

As for the 'new-enough' versions of Linux, my point there was simply that these are issues which people who are concerned about security have been looking at and working to address. History shows a pretty thorny past, certainly, but SMTP has a similar past.

Thanks,

Stephen
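The fstat/link-count check Andres and Stephen are referring to, written out as an added example (this is not code from the thread or from PostgreSQL's own source). The idea: a server process that reads files on behalf of a less-privileged user opens the file, calls fstat on the open descriptor, and refuses to proceed if st_nlink is greater than one, so a user who has hardlinked a server-readable file into a directory the server will read from gets an error instead of the file's contents. The function names (refuse_if_hardlinked, open_unaliased, demo_hardlink_check) and the temp-file layout in the demo are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 0 if fd refers to a regular file with exactly one directory entry,
 * -1 (errno set) otherwise. The check is done with fstat on the descriptor
 * that will later be read, not with stat on the path name, so the inode we
 * inspect is the inode we use: a path-based stat could be answered for one
 * file and the subsequent open for another. */
int refuse_if_hardlinked(int fd)
{
    struct stat st;

    if (fstat(fd, &st) != 0)
        return -1;                      /* errno from fstat, e.g. EBADF */
    if (!S_ISREG(st.st_mode)) {
        errno = EINVAL;                 /* only plain files are acceptable */
        return -1;
    }
    if (st.st_nlink > 1) {
        errno = EMLINK;                 /* second name for this inode exists */
        return -1;
    }
    return 0;
}

/* Open a file for reading and apply the link-count check. O_NOFOLLOW refuses
 * the other aliasing mechanism (a symlink in the final path component). */
int open_unaliased(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);

    if (fd < 0)
        return -1;
    if (refuse_if_hardlinked(fd) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Self-contained demonstration on a constructed temp file: accepted while it
 * has one link, refused with EMLINK once a hardlink exists, accepted again
 * after the extra link is removed. Returns 0 when every step behaves as
 * expected, a small positive code identifying the failing step otherwise. */
int demo_hardlink_check(void)
{
    char path[] = "/tmp/hl_demo_XXXXXX";   /* constructed sample file */
    char linkpath[64];
    int fd, a, b, c, rc = 0;

    fd = mkstemp(path);
    if (fd < 0)
        return 1;
    if (write(fd, "sample contents\n", 16) < 0)
        rc = 1;
    close(fd);
    snprintf(linkpath, sizeof linkpath, "%s.lnk", path);

    if (rc == 0) {
        a = open_unaliased(path);           /* one link: must succeed */
        if (a < 0) rc = 2; else close(a);
    }
    if (rc == 0 && link(path, linkpath) != 0)
        rc = 3;                             /* could not create the hardlink */
    if (rc == 0) {
        b = open_unaliased(path);           /* two links: must be refused */
        if (b >= 0) { close(b); rc = 4; }
        else if (errno != EMLINK) rc = 5;
        unlink(linkpath);
        c = open_unaliased(path);           /* back to one link: accepted */
        if (c < 0) rc = 6; else close(c);
    }
    unlink(path);
    return rc;
}

int main(void)
{
    int rc = demo_hardlink_check();
    printf("hardlink check demo: %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Note that the check only tells the server that a second name exists somewhere; it cannot say where, so the safe response is to refuse the operation rather than try to reason about which name is the legitimate one.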