| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1197) |
| Date: | 2008-11-26 00:00:45 |
| Message-ID: | 1227657645.14213.17.camel@hp_dx2400_1 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, 2008-11-24 at 22:09 +0900, KaiGai Kohei wrote:
> I removed the two hooks at the r1244 patch set.
> As you said, it is fundamentally danger to load uncertain binary modules.
> Thus, what we should do is checks on module loading.
>
> The default security policy requires loadable modules to be labeled as
> 'lib_t' type which means shared library files installed correctly.
We definitely want to include add-in modules with high security systems,
e.g. GIS and oracle compatibility functions.
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-11-26 00:30:34 | Re: Column reordering in pg_dump |
| Previous Message | Decibel! | 2008-11-25 23:45:36 | Re: Visibility map, partial vacuums |