Re: [0/4] Proposal of SE-PostgreSQL patches

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches
Date: 2008-06-26 03:58:09
Message-ID: 200806260358.m5Q3w9w02780@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches


Added to TODO:

* Improve server security options

http://archives.postgresql.org/pgsql-hackers/2008-04/msg01875.php
http://archives.postgresql.org/pgsql-hackers/2008-05/msg00000.php

---------------------------------------------------------------------------

KaiGai Kohei wrote:
> I updated the series of SE-PostgreSQL patches for the latest pgsql-8.4devel tree.
>
> [1/4] sepostgresql-pgace-8.4devel-3-r739.patch
> provides PGACE (PostgreSQL Access Control Extension) framework.
> http://sepgsql.googlecode.com/files/sepostgresql-pgace-8.4devel-3-r739.patch
>
> [2/4] sepostgresql-sepgsql-8.4devel-3-r739.patch
> provides SE-PostgreSQL feature, based on PGACE framework.
> http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r739.patch
>
> [3/4] sepostgresql-pg_dump-8.4devel-3-r739.patch
> enables to dump databases with security attribute.
> http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r739.patch
>
> [4/4] sepostgresql-policy-8.4devel-3-r739.patch
> provides the default security policy of SE-PostgreSQL.
> http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r739.patch
>
> We provide a quick overview for SE-PostgreSQL at:
> http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL
>
> Thanks,
>
> KaiGai Kohei wrote:
> > The series of patches are the proposal of Security-Enhanced PostgreSQL (SE-PostgreSQL)
> > for the upstreamed PostgreSQL 8.4 development cycle.
> >
> > [1/4] sepostgresql-pgace-8.4devel-3.patch
> > provides PGACE (PostgreSQL Access Control Extension) framework
> > http://sepgsql.googlecode.com/files/sepostgresql-pgace-8.4devel-3-r704.patch
> >
> > [2/4] sepostgresql-sepgsql-8.4devel-3.patch
> > provides SE-PostgreSQL feature, based on PGACE framework.
> > http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r704.patch
> >
> > [3/4] sepostgresql-pg_dump-8.4devel-3.patch
> > enables pg_dump to dump database with security attribute.
> > http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r704.patch
> >
> > [4/4] sepostgresql-policy-8.4devel-3.patch
> > provides the default security policy for SE-PostgreSQL.
> > http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r704.patch
> >
> > We can provide a quick overview for SE-PostgreSQL at:
> > http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL
> >
> > ENVIRONMENT
> > -----------
> > Please confirm your environment.
> > The followings are requriements of SE-PostgreSQL.
> > * Fedora 8 or later system
> > * SELinux is enabled and working
> > * kernel-2.6.24 or later
> > * selinux-policy and selinux-policy-devel v3.0.8 or later
> > * libselinux, policycoreutils
> >
> > INSTALLATION
> > ------------
> > $ tar jxvf postgresql-snapshot.tar.bz2
> > $ cd postgresql-snapshot
> > $ patch -p1 < ../sepostgresql-pgace-8.4devel-3.patch
> > $ patch -p1 < ../sepostgresql-sepgsql-8.4devel-3.patch
> > $ patch -p1 < ../sepostgresql-pg_dump-8.4devel-3.patch
> > $ patch -p1 < ../sepostgresql-policy-8.4devel-3.patch
> >
> > $ ./configure --enable-selinux
> > $ make
> > $ make -C contrib/sepgsql-policy
> > $ su
> > # make install
> >
> > # /usr/sbin/semodule -i contrib/sepgsql-policy/sepostgresql.pp
> > (NOTE: semodule is a utility to load/unload security policy modules.)
> >
> > # /sbin/restorecon -R /usr/local/pgsql
> > (NOTE: restorecon is a utilicy to initialize security context of files.)
> >
> > SETUP
> > -----
> > # mkdir -p /opt/sepgsql
> > # chown foo_user:var_group /opt/sepgsql
> > # chcon -t postgresql_db_t /opt/sepgsql
> > (NOTE: chcon is a utility to set up security context of files.)
> > # exit
> >
> > $ /usr/sbin/run_init /usr/local/pgsql/bin/initdb -D /opt/sepgsql
> > (NOTE: run_init is a utility to start a program, as if it is branched from init script.)
> > $ /usr/local/pgsql/bin/pg_ctl -D /opt/sepgsql start
> >
> >
> > SUMMARYS FOR EVERY PATCHES
> > --------------------------
> > [1/4] - sepostgresql-pgace-8.4devel-3.patch
> >
> > This patch provides PGACE (PostgreSQL Access Control Extension) framework.
> >
> > It has a similar idea of LSM (Linu Security Module).
> > It can provide a guest module several hooks at strategic points.
> > The guest module can make its decision whether required actions should be
> > allowed, or not.
> > In addition, PGACE also provides falicilites to manage security attribute
> > of database objects. Any tuple can have a its security attribute, and the
> > guest module can refer it to control accesses.
> >
> > A more conprehensive memo at:
> > http://code.google.com/p/sepgsql/wiki/WhatIsPGACE
> >
> > [2/4] - sepostgresql-sepgsql-8.4devel-3.patch
> >
> > This patch provides SE-PostgreSQL facilities based on PGACE.
> >
> > Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension
> > built in PostgreSQL, to provide system-wide consistency in access
> > controls. It enables to apply a single unigied security policy of
> > SELinux for both operating system and database management system.
> > In addition, it also provides fine-grained mandatory access which
> > includes column-/row- level non-bypassable access control even if
> > privileged database users.
> >
> > Quick overview at:
> > http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL
> >
> > [3/4] - sepostgresql-pg_dump-8.4devel-3.patch
> >
> > This patch gives us a feature to dump database with security attribute.
> > It is turned on with '--enable-selinux' option at pg_dump/pg_dumpall,
> > when the server works as SE- version.
> > No need to say, users need to have enough capabilities to dump whole of
> > database. It it same when they tries to restore the database.
> >
> > [4/4] - sepostgresql-policy-8.4devel-3.patch
> >
> > This patch gives us the default security policy for SE-PostgreSQL.
> > You can build it as a security policy module. It can be linked with
> > the existing distributor's policy, and reloaded.
> >
>
>
> --
> OSS Platform Development Division, NEC
> KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2008-06-26 04:02:05 Re: Creating a VIEW with a POINT column
Previous Message Jan Urbański 2008-06-26 03:43:27 Re: Creating a VIEW with a POINT column

Browse pgsql-patches by date

  From Date Subject
Next Message Simon Riggs 2008-06-26 14:20:37 get_relation_stats_hook()
Previous Message Bruce Momjian 2008-06-26 03:39:37 Re: Fix pg_ctl restart bug