From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
Cc: | Sam Mason <sam(at)samason(dot)me(dot)uk>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: SE-PostgreSQL Specifications |
Date: | 2009-07-26 14:32:45 |
Message-ID: | 4A6C690D.4070209@dunslane.net |
Lists: | pgsql-hackers |
KaiGai Kohei wrote:
> Andrew Dunstan wrote:
>>
>>
>> KaiGai Kohei wrote:
>>>
>>> The SELinux provides a certain process privilege to make backups and
>>> restore them. In the (current) default policy, it is called
>>> "unconfined".
>>>
>>> However, it is also *possible* to define a new special process privilege
>>> for backup and restore tools. For example, it can access all the database
>>> objects and can make backups, but any other process cannot touch the
>>> backup files. It means that DBA can launch a backup tool and it creates
>>> a black-boxed file, then he can also launch a restore tool to restore
>>> the black-boxed backup, but he cannot see the contents of the backup.
>>> (It might be a similar idea of "sudo" mechanism.)
>>>
>>>
>>
>> Really? How do you enforce this black box rule for a backup made across
>> the network? From the server's POV there is no such thing as a
>> backup. All it sees is a set of SQL statements all of which it might
>> see in some other context.
>
> The recent SELinux provides a feature to exchange the security context of
> peer process over the network connection.
> It allows to control a certain process to send/receive packets to/from
> only a certain process, even if they communicate using remote connection.
>
> This feature is named "Labeled IPsec". The key exchange daemon (racoon)
> was enhanced to exchange the security context of peer processes also,
> prior to the actual communications.
>
>
Interesting, I can see this having some use in quite a number of areas.
Of course, in the end, it still comes down to this issue, which is as
old as Plato: "Quis custodiet ipsos custodes?" (see
<http://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes%3F> )
cheers
andrew