Re: Updates of SE-PostgreSQL 8.4devel patches

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches
Date: 2008-09-25 01:39:00
Message-ID: 200809250139.m8P1d0E13649@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

KaiGai Kohei wrote:
> > Particularly interesting was the doc patch,
> > sepostgresql-docs-8.4devel-3-r1043.patch. It explains how SE-PostgreSQL
> > checks the permission level of the client process (getpeercon) and uses
> > that to determine what the user should see.
>
> Yes, this is a significant point which tends to be misunderstood.
> When two processes with individual security context on operating system
> connect to SE-PostgreSQL, they will get individual result, even if they
> logged in as a same database role.

Yes, that was very clear in your documentation.

> > The bulk of the patch is in sepostgresql-sepgsql-8.4devel-3-r1043.patch,
> > which modifies the backend. About 30% of it or 3k lines modify our
> > backend, and the rest are indepdendent support routines in their own C
> > files.
>
> The 3k lines (which is named as PGACE security framework) part was provided
> as separated patches, but I was pointed out it requires reviewers to see
> two files in same time. So, these were integrated into one.

Ah, OK. I think we need to decide:

1) When are we getting column-level permissions that you can
plug into?
2) Do we want row-level permissions at the SQL level?

> > The other conclusion I came to is that the other 11k of patch is really
> > independent SE-Linux interface code and not likely to change in size no
> > matter what we implement at the SQL level.
>
> Yes, the primary purpose of this archtecture is to minimize the impact
> for the core PostgreSQL implementation, when user choose an enhanced
> security mechanism.

Yes, you have certainly done that well.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tatsuo Ishii 2008-09-25 02:19:02 Re: Common Table Expressions (WITH RECURSIVE) patch
Previous Message KaiGai Kohei 2008-09-25 01:37:54 Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)