| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, KaiGai Kohhookei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Adding support for SE-Linux security |
| Date: | 2009-12-11 20:03:28 |
| Message-ID: | 603c8f070912111203w3896e36chfb2cf3ed1a107795@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Dec 11, 2009 at 1:52 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> I actually have an idea how to solve the problem in this particular
>> case, but I'm reluctant to say what it is because I'm not sure if I'm
>> right, and at any rate *I don't want to write this patch*.
>
> As far as crap goes, I'd have to put this at the top. If you're not
> willing to share ideas, then I may have to reconsider my personal
> feeling on if you should be a committer or not. No one is asking you to
> write the patch. We all know that we can be wrong (I tend to be more
> wrong than most), and we all hate to "jerk people around", but I feel
> it's far worse to self-censor discussion on ideas.
OK, it's clear that I've handled this badly. Sorry. My fear (however
unjustified) was that someone would go and rewrite the patch based on
an opinion that I express whether they agree with it or not. I don't
know the right way to do this and I'm sorry to have given you the
impression that I think I do and am hiding the ball.
So with that said, the idea I had was to try to pass around
pre-existing data structures related to the objects on which access
control decisions are being made, rather than Oids. It's pretty clear
that you're never going to be able to make an access control decision
just based on the Oid, but the Relation descriptor or pg_something
HeapTuple might be enough - or at least whatever else you need is
likely something you would have had to look up anyway, even without
the interface layer. I don't know if that makes sense or actually
works, but you could give it a try.
> It's also about the worst form of rock-management that I think I could
> come up with in an open source community. If you don't share your idea,
> yet you feel that it's "right", and see nothing to dissuade you from
> that position (after all, we can't present an argument for or against it
> if we don't know what it is), then I find it likely that you're going to
> constantly be comparing patches presented to the ideal one in your head
> based on your idea and we'd never get there.
It's a little unfortunate that we're arguing about this because that's
exactly what I'm reacting AGAINST, and emphatically not when I intend
to do. I think this is the first time in my adult life I've been
criticized for being too UN-willing to share my opinions, but I guess
there's a first time for everything. Again, sorry for handling this
badly. I just feel like the discussions that we've had so far have
been very much in the dynamic of throw some code over the wall and see
if the committer likes it... looks like no, let's go back around and
try again. It does have a bit of a rock management feel to it and I
really want to see if we can find a way to break that cycle.
...Robert
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2009-12-11 20:06:54 | Re: Adding support for SE-Linux security |
| Previous Message | Zdenek Kotala | 2009-12-11 20:00:50 | Re: [PATCH] dtrace probes for memory manager |