* Tom Lane ([email protected]) wrote: > Stephen Frost <[email protected]> writes: > > * Alvaro Herrera ([email protected]) wrote: > >> Users cannot create a hard link to a file they can't already access. > > > The specifics actually depend on (on Linux, at least) the value of > > /proc/sys/fs/protected_hardlink, which has existed in upstream since 3.6 > > (not sure about the RHEL kernels, though I expect they've incorporated > > it also at some point along the way). > > No such file in RHEL 6.6 :-(.
Ouch. Although- have you tested when happens there? I wonder if
they've decided it's not worth allowing ever or if they feel that it's
not worth preventing and that security-concious software should check
the link count as Andres suggests.
> What the POSIX spec for link(2) says is
>
> [EACCES]
> A component of either path prefix denies search permission, or the
> requested link requires writing in a directory that denies write
> permission, or the calling process does not have permission to access
> the existing file and this is required by the implementation.
Yeah, I didn't mean to imply that this was provided by POSIX and you're
right to point out that we couldn't depend on this as it wouldn't be
cross-platform anyway.
Thanks,
Stephen
signature.asc
Description: Digital signature
