From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches |
Date: | 2008-09-25 01:39:00 |
Message-ID: | 200809250139.m8P1d0E13649@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
KaiGai Kohei wrote:
> > Particularly interesting was the doc patch,
> > sepostgresql-docs-8.4devel-3-r1043.patch. It explains how SE-PostgreSQL
> > checks the permission level of the client process (getpeercon) and uses
> > that to determine what the user should see.
>
> Yes, this is a significant point which tends to be misunderstood.
> When two processes with individual security context on operating system
> connect to SE-PostgreSQL, they will get individual result, even if they
> logged in as a same database role.
Yes, that was very clear in your documentation.
> > The bulk of the patch is in sepostgresql-sepgsql-8.4devel-3-r1043.patch,
> > which modifies the backend. About 30% of it or 3k lines modify our
> > backend, and the rest are indepdendent support routines in their own C
> > files.
>
> The 3k lines (which is named as PGACE security framework) part was provided
> as separated patches, but I was pointed out it requires reviewers to see
> two files in same time. So, these were integrated into one.
Ah, OK. I think we need to decide:
1) When are we getting column-level permissions that you can
plug into?
2) Do we want row-level permissions at the SQL level?
> > The other conclusion I came to is that the other 11k of patch is really
> > independent SE-Linux interface code and not likely to change in size no
> > matter what we implement at the SQL level.
>
> Yes, the primary purpose of this archtecture is to minimize the impact
> for the core PostgreSQL implementation, when user choose an enhanced
> security mechanism.
Yes, you have certainly done that well.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
From | Date | Subject | |
---|---|---|---|
Next Message | Tatsuo Ishii | 2008-09-25 02:19:02 | Re: Common Table Expressions (WITH RECURSIVE) patch |
Previous Message | KaiGai Kohei | 2008-09-25 01:37:54 | Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep) |