Re: Adding support for SE-Linux security

From: "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>
To: Greg Smith <greg(at)2ndquadrant(dot)com>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-08 15:07:24
Message-ID: 1260284844.2484.49.camel@moss-terrapins.epoch.ncsc.mil
Lists: pgsql-hackers

On Mon, 2009-12-07 at 22:25 -0500, Greg Smith wrote:
> David P. Quigley wrote:
> > Not to start a flame war here about access control models but you gave 3
> > different examples one of which I don't think has any means to do
> > anything productive here.
> You won't be starting a flame war for the same reason some of the
> community members are so concerned about this patch. There aren't enough
> people familiar with this part of the security field within our database
> developer community to even be able to answer fairly basic questions
> like the one you just clarified. If you can help bring more qualified
> reviewers to bear on that, it would be extremely helpful. I even tried
> to organize a meetup between PostgreSQL hackers working in this area and
> the security people I knew around here (Baltimore/DC) last year, but
> just couldn't find any interested enough to show. Other than a brief
> visit on this list from some of the Tresys guys, we haven't seen much
> input here beyond that offered by the patch author, who's obviously
> qualified but at the end of the day is still only one opinion. He's also
> not in a good position to tell other people their ideas are misinformed
> either.
>

I can't make any guarantees on who I can drag to a meeting but if you
wanted to try to organize another meeting between the Postgres people
and some of us I can try to organize it on our end. One of my coworkers
that does a lot of commenting on stuff like this is on leave at the
moment but when he gets back I'll discuss it with him. I'll also talk
with some of the other people in the area on our end to see what I can
arrange.

If you have any questions in the meantime feel free to ask. If there are
any specific parts of the patch that you'd like discussed I can do that
as well. I do have to agree though that I'd rather see KaiGai's original
security plugin framework go in and then merge a particular security
module after that. From what I see it would require at least the hook
framework and the label storage mechanism. I feel bad saying that
knowing that KaiGai spent a lot of time ripping all of that out. However
if you are concerned about supporting more than just SELinux as a MAC
model then the plugin framework he originally proposed is the better
solution.

I'd be willing to take a look at the framework and see if it really is
SELinux centric. If it is we can figure out if there is a way to
accommodate something like SMACK and FMAC. I'd like to hear from someone
with more extensive experience with Solaris Trusted Extensions about how
TX would make use of this. I have a feeling it would be similar to the
way it deals with NFS which is by having the process exist in the global
zone as a privileged process and then multiplexes it to the remaining
zones. That way their getpeercon would get a label derived from the
zone.

Dave