Skip site navigation (1) Skip section navigation (2)

Re: [sepgsql] missing checks of process:transition on trusted procedure invocation

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Kohei Kaigai <Kohei(dot)Kaigai(at)eu(dot)nec(dot)com>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [sepgsql] missing checks of process:transition on trusted procedure invocation
Date: 2011-04-04 17:26:12
Message-ID: BANLkTikMyhv+0meGGoBWravO_VhOM9QJew@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Mon, Apr 4, 2011 at 11:01 AM, Kohei Kaigai <Kohei(dot)Kaigai(at)eu(dot)nec(dot)com> wrote:
> Sorry, I missed a permission check on invocation of trusted procedures.
>
> When client's label getting switched to Y from X, we needed to check
> process:transition permission between label X and label Y.
> It is same manner when OS launches a program with a special label to
> cause domain transition.
>
> The attached patch adds checks this permission when user tries to
> invoke a trusted procedure and switch security label of the client.
> In addition, it also adds a case of regression test of this problem.

Committed.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

pgsql-hackers by date

Next:From: Susanne EbrechtDate: 2011-04-04 17:26:45
Subject: Re: [HACKERS] Uppercase SGML entity declarations
Previous:From: Robert HaasDate: 2011-04-04 17:24:15
Subject: Re: trivial patch: show SIREAD pids in pg_locks

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group