Re: Directory/File Access Permissions for COPY and Generic File Access Functions - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Date
Msg-id CA+Tgmoa8KrphYHi7Cpp9r0hrSYuFQtUJ8T-4yD6b12gXD2+qQA@mail.gmail.com
In response to Re: Directory/File Access Permissions for COPY and Generic File Access Functions  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Re: Directory/File Access Permissions for COPY and Generic File Access Functions
List pgsql-hackers
On Wed, Oct 29, 2014 at 11:34 AM, Stephen Frost <sfrost@snowman.net> wrote:
> The specifics actually depend on (on Linux, at least) the value of
> /proc/sys/fs/protected_hardlink, which has existed in upstream since 3.6
> (not sure about the RHEL kernels, though I expect they've incorporated
> it also at some point along the way).
>
> There is a similar /proc/sys/fs/protected_symlinks control for dealing
> with the same kind of time-of-check / time-of-use issues that exist with
> symlinks.
>
> At least on my Ubuntu 14.04 systems, these are both set to '1'.

Playing devil's advocate here for a minute, you're saying that
new-enough versions of Linux have an optional feature that prevents
this attack.  I think an argument could be made that this is basically
unsecurable on any other platform, or even old Linux versions.  And it
still doesn't protect against the case where you hardlink to a file
and then the permissions on that file are later changed.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
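
The following is an added example, not part of the original message and not PostgreSQL code: one application-side check that does not depend on the `protected_hardlinks` / `protected_symlinks` sysctls discussed above, so it also applies on platforms and kernels that lack them. The function names `open_checked` and `demo`, and the temporary paths, are hypothetical and constructed for the illustration.

```c
/* Added example: names and paths are hypothetical, not from PostgreSQL. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open for reading without relying on kernel hardening. O_NOFOLLOW refuses a
 * symlink as the final path component; fstat() inspects the descriptor that
 * was actually opened, so the check and the later reads use the same inode. */
int open_checked(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);            /* not a regular file, or it has extra hard links */
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp dir: 1 if every expectation holds. */
int demo(void) {
    char dir[] = "/tmp/linkchk.XXXXXX", a[64], b[64], c[64];
    int fd, ok;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(a, sizeof a, "%s/data", dir);
    snprintf(b, sizeof b, "%s/hard", dir);
    snprintf(c, sizeof c, "%s/sym", dir);
    fd = open(a, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd >= 0) close(fd);
    fd = open_checked(a);                      /* plain file: accepted */
    ok = (fd >= 0);
    if (fd >= 0) close(fd);
    ok = ok && symlink(a, c) == 0 && open_checked(c) < 0;  /* symlink refused */
    ok = ok && link(a, b) == 0 && open_checked(b) < 0 && open_checked(a) < 0;
    unlink(b); unlink(c); unlink(a); rmdir(dir);
    return ok;
}

int main(void) {
    printf("demo=%d\n", demo());
    return 0;
}
```

The link-count test is a snapshot taken at open time and also rejects files that are hard-linked for legitimate reasons. `O_NOFOLLOW` covers only the last path component, so symlinks in parent directories are still followed.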


