| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> |
| Cc: | jd(at)commandprompt(dot)com, Hannu Krosing <hannu(at)2ndQuadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Joshua Brindle <method(at)manicmethod(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec> |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1704) |
| Date: | 2009-03-10 19:17:37 |
| Message-ID: | 2163.1236712657@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> writes:
> As far as I can tell, the community feels interested in the
> feature set; but relatively unable to contribute since none
> of the people have that much of a security background. It
> seems the best way to fix that would be to get more people
> with a security background more involved.
It's experience with the Postgres code base that I'm worried about.
I don't question KaiGai-san's security background; I do doubt that
he knows where all the skeletons are buried in the PG backend.
A couple of very recent examples of that: his patch to fix a problem
with inheritance of column privileges was approximately the right thing,
but inefficiently duplicated the functionality of nearby code:
http://archives.postgresql.org/pgsql-hackers/2009-03/msg00196.php
and it didn't take Heikki long at all to note an oversight in the part
of the latest sepostgres patch that attempted to confine superusers'
file read/write abilities:
http://archives.postgresql.org/pgsql-hackers/2009-03/msg00446.php
More generally, there's been no discussion or community buy-in on
design questions such as whether the patch should even try to confine
superusers on such a fine-grained basis. (I agree with Heikki's
thought that this may be a lost cause given our historical design
assumption that superusers can do anything.)
So I remain strongly of the opinion that what this patch lacks is
review from longtime PG hackers. It's not the security community
that is missing from the equation.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Devrim GÜNDÜZ | 2009-03-10 19:25:34 | Re: Updates of SE-PostgreSQL 8.4devel patches (r1704) |
| Previous Message | Devrim GÜNDÜZ | 2009-03-10 19:13:56 | Re: Updates of SE-PostgreSQL 8.4devel patches (r1704) |