Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Greg Smith <gsmith(at)gregsmith(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-29 19:40:29
Message-ID: Pine.GSO.4.64.0712291425460.28100@westnet.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Sat, 29 Dec 2007, Joshua D. Drake wrote:

> http://code.google.com/p/sepgsql/
> ???

Getting that to work required some obtrusive changes to the source code, 
which they've only done to 8.2.4.  Even that doesn't seem to be 
production-quality and it's not clear how that will make its way into 
newer versions yet.

The job here is to work on the SELinux policies for PostgreSQL.  You can't 
just re-use whatever work has gone into the SE-PostgreSQL ones, because 
those presume you're using their modified server instead of the regular 
one.

I started collecting notes and writing a PostgreSQL/SELinux how-to aimed 
at RHEL 5.0+ but I'm not doing work in that area anymore.  On reflection I 
might just release what I did so far to the developer's wiki and see if 
anybody else fills in the missing pieces.  But unless there's somebody 
else with a burning need to work on this area I doubt that will 
happen--there's nothing about SELinux that anybody does just for fun.

--
* Greg Smith gsmith(at)gregsmith(dot)com http://www.gregsmith.com Baltimore, MD

In response to

Responses

pgsql-hackers by date

Next:From: Joshua D. DrakeDate: 2007-12-29 20:15:28
Subject: Re: Spoofing as the postmaster
Previous:From: Tom LaneDate: 2007-12-29 19:20:31
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group