Home > mailing lists

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS) - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)
Date	July 14 21:30:45
Msg-id	708241.1752517845@sss.pgh.pa.us Whole thread Raw
In response to	Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS) ("Peter J. Holzer" <hjp-pgsql@hjp.at>)
Responses	Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS) Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)
List	pgsql-general

Tree view

"Peter J. Holzer" <hjp-pgsql@hjp.at> writes:
> On 2025-07-14 10:07:20 -0400, Tom Lane wrote:
>> That is primarily for safety reasons: if for some reason the
>> filesystem gets dismounted, or hasn't come on-line yet during
>> a reboot, you do not want Postgres to be able to write on the
>> underlying mount-point directory.

> Be careful: There are two different directorys involved in a mount
> point. The one in the parent filesystem and the one in the mounted file
> system.

True, and the safety requirement really is only that the parent
filesystem's mount-point directory not be writable by us.
But normal practice is that both directories are root-owned,
or at least owned by highly privileged users.

(I have a vague idea that there are system-level security hazards,
not specific to Postgres, if mount-point directories are publicly
writable.  Don't feel like researching that though.)

            regards, tom lane

pgsql-general by date:

From: Greg Hennessy
Date: 14 July, 21:25:19
Subject: Re: optimizing number of workers

From: Tom Lane
Date: 14 July, 21:54:42
Subject: Re: optimizing number of workers

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS) - Mailing list pgsql-general

Previous

Next