On Wed, Oct 29, 2014 at 5:22 PM, Greg Stark <stark@mit.edu> wrote:
> On Wed, Oct 29, 2014 at 3:52 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>> And it still doesn't protect against the case where you hardlink to a file
>> and then the permissions on that file are later changed.
>
> Fwiw that's not how hard links work, at least UFS semantics
> permissions such as ext2 etc. Hard links are links to the same inode
> and permissions are associated with the file. There are other
> filesystems out there though. AFS for example associates permissions
> with directories.
That's exactly the point. The postgres user has owns file F and user
A has permissions on it. The DBA realizes this is bad and revokes
user A's permissions, but user A has already noticed and made a
hardlink to the file. When the DBA subsequently gives user A
permissions to have the server write to files in /home/a, a can induce
the server write to her hardlink even though she can no longer access
the file herself.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company