Re: Updates of SE-PostgreSQL 8.4devel patches (r1608)

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Joshua Brindle <method(at)manicmethod(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches (r1608)
Date: 2009-02-26 19:02:07
Message-ID: 49A6E72F.20003@kaigai.gr.jp
Lists: pgsql-hackers
Bruce Momjian wrote:
> KaiGai Kohei wrote:
>> The series of SE-PostgreSQL patches for v8.4 were updated:
>> [1/5] http://sepgsql.googlecode.com/files/sepgsql-core-8.4devel-r1608.patch
>> [2/5] http://sepgsql.googlecode.com/files/sepgsql-utils-8.4devel-r1608.patch
>> [3/5] http://sepgsql.googlecode.com/files/sepgsql-policy-8.4devel-r1608.patch
>> [4/5] http://sepgsql.googlecode.com/files/sepgsql-docs-8.4devel-r1608.patch
>> [5/5] http://sepgsql.googlecode.com/files/sepgsql-tests-8.4devel-r1608.patch
>>
>> - List of updates:
>>   * bugfix: sepgsqlCheckProcedureEntrypoint() was invoked twice when
>>     security invoker functions are invoked.
>>
>> The rest of the parts are unchanged. Don't mind the contracted filename.
>> Please comment on anything. It will help to improve our code.
> 
> I did an analysis of the "core" file:
> 
> 	http://sepgsql.googlecode.com/files/sepgsql-core-8.4devel-r1608.patch
> 
> 	changed lines      3226
> 	new files          4075
> 	syscatalog         9977
> 	----
> 	total             17278
> 
> The good news is that 3226 is the effect on the non-system-catalog main
> core code, and is a context diff size, not total changed lines.

Hum...? What utility did you use to compute the lines?
It seems to me the changed lines except for system catalogs are larger than
the actual one.

The diffstat says:
  65 files changed, 4769 insertions(+), 11 deletions(-), 4945 modifications(!)

The (4244 + 500) of 4945 modifications come from pg_proc.h and pg_attribute.h
due to a new field to store the security label of procedures and columns.

The new files add 4014 in total, so the rest (755 + 11 + 201 = 967) lines are
the estimated changes in the main core code.

Anyway, I believe the burden on the reviewer became smaller than with the prior
full-set version.

Thanks,

-------------------------------------------------------------
[kaigai(at)masu ~]$ diffstat ~/sepgsql-core-8.4devel-r1608.patch
  configure                                     |  113
  configure.in                                  |   13
  src/Makefile.global.in                        |    1
  src/backend/Makefile                          |    7
  src/backend/access/heap/heapam.c              |   12
  src/backend/bootstrap/bootparse.y             |    4
  src/backend/bootstrap/bootstrap.c             |    3
  src/backend/catalog/aclchk.c                  |   11
  src/backend/catalog/heap.c                    |   94
  src/backend/catalog/index.c                   |    8
  src/backend/catalog/pg_aggregate.c            |    3
  src/backend/catalog/pg_proc.c                 |    9
  src/backend/catalog/toasting.c                |    3
  src/backend/commands/cluster.c                |    4
  src/backend/commands/copy.c                   |    9
  src/backend/commands/dbcommands.c             |   33
  src/backend/commands/foreigncmds.c            |    7
  src/backend/commands/functioncmds.c           |   77
  src/backend/commands/lockcmds.c               |    4
  src/backend/commands/proclang.c               |    6
  src/backend/commands/tablecmds.c              |   99
  src/backend/commands/trigger.c                |    6
  src/backend/executor/execMain.c               |   22
  src/backend/nodes/copyfuncs.c                 |   25
  src/backend/nodes/equalfuncs.c                |   21
  src/backend/nodes/outfuncs.c                  |   28
  src/backend/nodes/readfuncs.c                 |   41
  src/backend/optimizer/plan/planner.c          |    1
  src/backend/parser/gram.y                     |   63
  src/backend/postmaster/postmaster.c           |   43
  src/backend/rewrite/rewriteHandler.c          |    6
  src/backend/security/Makefile                 |   11
  src/backend/security/sepgsql/Makefile         |   16
  src/backend/security/sepgsql/avc.c            | 1157 +++++++
  src/backend/security/sepgsql/checker.c        |  902 +++++
  src/backend/security/sepgsql/core.c           |  235 +
  src/backend/security/sepgsql/dummy.c          |   37
  src/backend/security/sepgsql/hooks.c          |  576 +++
  src/backend/security/sepgsql/label.c          |  360 ++
  src/backend/security/sepgsql/perms.c          |  463 ++
  src/backend/storage/ipc/ipci.c                |    2
  src/backend/tcop/utility.c                    |    5
  src/backend/utils/cache/catcache.c            |   32
  src/backend/utils/cache/syscache.c            |   15
  src/backend/utils/fmgr/dfmgr.c                |   10
  src/backend/utils/fmgr/fmgr.c                 |    8
  src/backend/utils/init/postinit.c             |   11
  src/backend/utils/misc/guc.c                  |   18
  src/backend/utils/misc/postgresql.conf.sample |    3
  src/include/catalog/heap.h                    |    9
  src/include/catalog/pg_attribute.h            |  500 !!!
  src/include/catalog/pg_class.h                |   12
  src/include/catalog/pg_database.h             |    6
  src/include/catalog/pg_proc.h                 | 4244 !!!!!!!!!!!!!!!!!!!!!!!!!!
  src/include/catalog/pg_proc_fn.h              |    3
  src/include/fmgr.h                            |   10
  src/include/nodes/nodes.h                     |    3
  src/include/nodes/parsenodes.h                |   30
  src/include/nodes/plannodes.h                 |    2
  src/include/pg_config.h.in                    |    3
  src/include/security/sepgsql.h                |  257 +
  src/include/storage/lwlock.h                  |    1
  src/include/utils/catcache.h                  |    1
  src/include/utils/errcodes.h                  |    5
  src/include/utils/syscache.h                  |    2
  65 files changed, 4769 insertions(+), 11 deletions(-), 4945 modifications(!)

-- 
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>