Skip site navigation (1) Skip section navigation (2)

Re: [0/4] Proposal of SE-PostgreSQL patches

From: Greg Smith <gsmith(at)gregsmith(dot)com>
To: Andrej Ricnik-Bay <andrej(dot)groups(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches
Date: 2008-05-01 03:24:26
Message-ID: Pine.GSO.4.64.0804302246080.3430@westnet.com (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
On Thu, 1 May 2008, Andrej Ricnik-Bay wrote:

> Not a hacker, just a curious reader ... are there equivalent frameworks
> for the other supported platforms?  E.g. MacOS, *BSD, Windows?

SELinux is a Linux implementation of ideas from an earlier NSA project 
named Flask.  There is port of another variant of that, Flask/TE, that is 
making its way into the BSD variants via a project called SEBSD. 
TrustedBSD, Darwin (OS X), and OpenSolaris all have projects in this area 
already (the Solaris one just launched last month).  A good starter page 
is http://www.trustedbsd.org/sebsd.html

Particularly given the common heritage, I suspect that the PostgreSQL side 
of all these projects will be similar, and that once those hooks are in 
place it will just be a matter of tying them into the higher levels of the 
other framework.  It would be too ambitious to target all of them all at 
once for a first pass, but it may be worth a look at the fundamentals of 
SEBSD to make sure the right hooks look like they're in place.

Windows has this thing called "Group Policy" that's supposedly leaped 
forward for Windows Server 2008.  They are now advertising it as like 
SELinux, but better.  The presentation PDF I just read on that subject 
sounds like something written by the crazy guy at Broadway & 57th street I 
used to walk by, as he talked on fruit as if they were his cell phone. 
It's such a deluded and wildly misguided bit of sales fluff that you can't 
take it seriously, and the whole thing just leaves me feeling sorry for 
them instead.

--
* Greg Smith gsmith(at)gregsmith(dot)com http://www.gregsmith.com Baltimore, MD

In response to

pgsql-hackers by date

Next:From: Greg SmithDate: 2008-05-01 06:32:05
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches
Previous:From: Andrej Ricnik-BayDate: 2008-05-01 02:16:31
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches

pgsql-patches by date

Next:From: Pavel StehuleDate: 2008-05-01 05:02:39
Subject: Re: temporal version of generate_series()
Previous:From: Andrej Ricnik-BayDate: 2008-05-01 02:16:31
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group