On Wed, Oct 29, 2014 at 5:22 PM, Greg Stark <st...@mit.edu> wrote: > On Wed, Oct 29, 2014 at 3:52 PM, Robert Haas <robertmh...@gmail.com> wrote: >> And it still doesn't protect against the case where you hardlink to a file >> and then the permissions on that file are later changed. > > Fwiw that's not how hard links work, at least UFS semantics > permissions such as ext2 etc. Hard links are links to the same inode > and permissions are associated with the file. There are other > filesystems out there though. AFS for example associates permissions > with directories.
That's exactly the point. The postgres user has owns file F and user A has permissions on it. The DBA realizes this is bad and revokes user A's permissions, but user A has already noticed and made a hardlink to the file. When the DBA subsequently gives user A permissions to have the server write to files in /home/a, a can induce the server write to her hardlink even though she can no longer access the file herself. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
