| From: | Joshua Brindle <method(at)manicmethod(dot)com> |
|---|---|
| To: | Greg Smith <greg(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SE-PostgreSQL/Lite Review |
| Date: | 2009-12-11 16:33:09 |
| Message-ID: | 4B227445.5030609@manicmethod.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Joshua Brindle wrote:
> Greg Smith wrote:
>> It's funny; we started out this CommitFest with me scrambling to find
>> someone, anyone, willing to review the latest SE-PostgreSQL patch,
>> knowing it was a big job and few were likely to volunteer. Then
>> schedules lined up just right, and last night I managed to get a great
>> group of people all together to do perhaps the biggest single patch
>> review ever, to work on just that. I gathered up a list of the biggest
>> concerns about this feature and its associated implementation, we got a
>> number of regular PostgreSQL hackers and two of the security guys you've
>> seen on this list all in the same room, and we talked about little but
>> SEPostgreSQL for hours. Minutes are at
>> http://wiki.postgresql.org/wiki/SEPostgreSQL_Review_at_the_BWPUG and I'd
>> suggest anyone interested in this feature (or in rejecting this feature)
>> to take a look at what we covered.
>>
>
> I just wanted to add some talking notes here.
>
> User base for the feature:
>
> While my goals for this feature line up with military/government users
> this is in no way the extent of the potential user base. The fact is
> most people won't know they want this feature until it is available. Why
> is that? Well, how many of you have written webapps and implemented
> policy logic in your application rather than the database level? Why do
> people currently feel the need to do this? Is it even possible to
> implement some complex policies (eg., PCI compliance) at the database
> level? If PostgreSQL version whatever suddenly had the ability to
> implement the policy logic in the database, would you move it there? I
> know I would..
>
> Audit:
>
> In past conversations it sounded like some of the Postgres community was
> skeptical even about the design of the security model. For an even
> earlier look (September 2006) of KaiGai and the SELinux community
> talking about the object model and even high level design of the
> solution see <http://marc.info/?l=selinux&m=115762285013528&w=2>
>
I highly suggest a quick read of the above thread, it shows how we
established an object model in fairly short order. The conversation also
continues here: <http://marc.info/?l=selinux&m=115786457722767&w=2>
and also here:
<http://marc.info/?l=selinux&m=117160445604805&w=2>
<http://marc.info/?l=selinux&m=117160445611588&w=2>
<http://marc.info/?l=selinux&m=117160445608517&w=2>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Euler Taveira de Oliveira | 2009-12-11 16:36:27 | Re: EXPLAIN BUFFERS |
| Previous Message | Robert Haas | 2009-12-11 16:30:27 | Re: Adding support for SE-Linux security |