From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>,
    Bruce Momjian <bruce(at)momjian(dot)us>,
    Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>,
    KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: SE-PgSQL patch review
Date: 2009-12-02 03:30:40
Message-ID: 461.1259724640@sss.pgh.pa.us
Lists: pgsql-hackers

KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
> Joshua D. Drake wrote:
>> I just did a little research and it appears the other two big names in
>> this world (Novell and Ubuntu) are using something called App Armor.
> As far as I can see, SUSE, Ubuntu and Debian provide an SELinux option.
> But they are more conservative than RedHat/Fedora, because it is not
> enabled in the default installation.
> I don't think it is an unpreferable decision. Users can choose the option
> by themselves according to requirements in the system.

Based on Red Hat's experience, it is a safe bet that not enabling
SELinux by default guarantees the feature will remain useless to the
average user. As was pointed out upthread (and I can confirm from
personal experience), it's taken *years* for Red Hat to develop the
security policy to a point where it's even marginally usable by anyone
who isn't willing to put up with a great deal of annoyance because they
have an extreme need. And that's despite having a well-defined, not too
ambitious goal for what it is they are trying to secure: for the most
part, RH's default policy doesn't try to lock down anything except
network-accessible services. SUSE and the rest of them may "have the
feature", but they don't have it in a usable form, and won't ever have
it without a much larger effort than they're making.

Even if we were to accept the SEPostgres patches lock stock and barrel
tomorrow, I don't foresee that it will ever get to the point of being
useful except to an extremely small group of users who are driven by
extreme need. Nobody else is going to have the motivation needed to
develop custom security policies, and there simply isn't any chance
of anyone developing any generally useful default policy. Red Hat's
policy has been trying to cope with cases like "which directories should
Apache be allowed to read, *given that it's running a Red-Hat-standard
configuration*?" That's far more circumscribed than any useful database
policy would be, because database applications aren't nearly that
standardized.

If SEPostgres were a small patch that wouldn't need much ongoing effort,
I might think it's reasonable to adopt it for the benefit of only a small
group of users. However, it's not small, it's not simple, and it will
not be low-maintenance. I'm afraid the cost-benefit ratio from the
project's perspective is just not reasonable.

regards, tom lane