Heikki Linnakangas wrote:
> KaiGai Kohei wrote:
>> As I promised last week, SE-PostgreSQL patches are revised here:
>
> There's checks for reading/writing files with COPY, in
> sepgsqlCheckFileRead sepgsqlCheckFileWrite). Doesn't the OS do similar
> checks when the process tries to invoke the read()/write()? Is that not
> enough?
Please note that who invokes read()/write() system calls.
In this case, PostgreSQL server process invokes these system calls
instead of the client process.
So, operating system need to allow the PostgreSQL server process
to invoke these system calls on the target files of COPY TO/FROM.
In addition, SE-PostgreSQL also checks read/write permission of
client process for these files. Why it is possible is client's
privileges are represented in same form of operating system.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
