| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sepgsql contrib module |
| Date: | 2010-12-30 00:34:36 |
| Message-ID: | 1293669276.1892.12475.camel@ebony |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 2010-12-30 at 09:26 +0900, KaiGai Kohei wrote:
> > What happens if someone alters the configuration so that the sepgsql
> > plugin is no longer installed. Does the hidden data become visible?
> >
> Yes. If sepgsql plugin is uninstalled, the hidden data become visible.
> But no matter. Since only a person who is allowed to edit postgresql.conf
> can uninstall it, we cannot uninstall it in run-time.
> (An exception is loading a malicious module, but we will be able to
> hook this operation in the future version.)
IMHO all security labels should be invisible if the provider is not
installed correctly.
That at least prevents us from accidentally de-installing a module and
having top secret data be widely available.
If you have multiple providers configured, you need to be careful not to
allow a provider that incorrectly implements the plugin API, so that
prior plugins are no longer effective.
--
Simon Riggs http://www.2ndQuadrant.com/books/
PostgreSQL Development, 24x7 Support, Training and Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | KaiGai Kohei | 2010-12-30 01:15:08 | Re: sepgsql contrib module |
| Previous Message | Mark Kirkwood | 2010-12-30 00:32:01 | Vacuum of newly activated 8.3.12 standby receives warnings page xxx is uninitialized --- fixing |