Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: Greg Smith <gsmith(at)gregsmith(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2008-01-07 09:10:34
Message-ID: 4781EC8A.9010603@ak.jp.nec.com (view raw or flat)
Thread:
Lists: pgsql-hackers
Joshua D. Drake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Sat, 29 Dec 2007 14:40:29 -0500 (EST)
> Greg Smith <gsmith(at)gregsmith(dot)com> wrote:
> 
>> On Sat, 29 Dec 2007, Joshua D. Drake wrote:
>>
>>> http://code.google.com/p/sepgsql/
>>> ???
>> Getting that to work required some obtrusive changes to the source
>> code, which they've only done to 8.2.4.  Even that doesn't seem to be 
>> production-quality and it's not clear how that will make its way into 
>> newer versions yet.
> 
> "they've" has the potential to be "we"... As I recall the individual
> made a reasonable effort to introduce the work that he was doing to the
> community.
> 
> http://archives.postgresql.org/pgsql-hackers/2007-03/msg00271.php
> http://archives.postgresql.org/pgsql-hackers/2007-04/msg00664.php

If my memory is correct, the alpha implementation was announced after
the feature freeze date of 8.3.
# Sorry for my lacking of understanding for PostgreSQL development processes.

Therefore, Tom suggested this kind of discussion should be restarted
after the release of 8.3. I also agreed it.

>>  But unless
>> there's somebody else with a burning need to work on this area I
>> doubt that will happen--there's nothing about SELinux that anybody
>> does just for fun.
> 
> Ya think? :P
> 
> I recognize that this "SE PGSQL" has the potential to be a portability
> nightmare (as it only works on linux) but it certainly has potential to
> give us a leg up on a lot of work.

Yes, it works only on Linux.
I added --enable-selinux build option into the configure script.
It prevent to enable SE-PostgreSQL feature on any other plathomes.

> Anyway, not saying its good code but I did read the docs and it sure
> looks cool.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>

In response to

pgsql-hackers by date

Next:From: KaiGai KoheiDate: 2008-01-07 09:36:42
Subject: Re: Spoofing as the postmaster
Previous:From: KaiGai KoheiDate: 2008-01-07 09:03:11
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group