Re: Adding support for SE-Linux security

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-10 03:43:23
Message-ID: 200912100343.nBA3hNV05382@momjian.us
Lists: pgsql-hackers

Robert Haas wrote:
> On Wed, Dec 9, 2009 at 5:38 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > If you want to avoid all good reasons for this feature and are looking
> > for reasons why this patch is a bad idea, I am sure you can find them.
>
> You seem to be suggesting that our reactions are pure obstructionism,
> or that they have an ulterior motive.

I am merely stating that this is the same as the Win32 port, and that
there are many reasons to believe the SE-PostgreSQL patch will cause all
sorts of problems --- this is not a surprise. I am giving a realistic
analysis of the patch --- if people want to say that thinking of it as
two separate patches that have to be maintained separately is a terrible
idea, I have no reply except to say that realistically that is the only
possible direction I see for this feature in the short term. Few
Postgres people modifying the permissions system are going to understand
how to modify SE-Linux support routines to match their changes.

I got a similar reaction when I wanted to do the Win32 port, and the
reasons not to do it were similar to the ones I am hearing now. Finally
the agreement was that I could attempt the Win32 port as long as I
didn't destabilize the rest of the code --- not exactly a resounding
endorsement. Looking back I think everyone is glad we did the port, but
at the time there wasn't much support. I got the same reaction to
pg_migrator.

I am having trouble figuring out when I should heed community concerns,
and when the concerns are merely because the task is
hard/messy/difficult. Frankly, we don't analyze hard/messy/difficult
tasks very well. Now, I am not saying that the SE-PostgreSQL patch
should be pursued, but I am saying that we shouldn't avoid it for these
reasons, because sometimes hard/messy/difficult is necessary to
accomplish dramatic software advances.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
