Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org, Greg Smith <gsmith(at)gregsmith(dot)com>
Subject: Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)
Date: 2008-09-17 13:18:03
Message-ID: 48D1038B.7020402@kaigai.gr.jp
Lists: pgsql-hackers

KaiGai Kohei wrote:
> Peter, thanks for your comments.
>
> > Let's review:
> >
> > *) System-wide consistency in access controls could be nice to have in
> > some cases. But is it really achievable? In the typical three-tier web
> > application scenario, do you really have system-wide consistency? Can
> > you configure your application server using SELinux? I'm no expert on
> > these things, but I wonder, would it even work in a useful way, over the
> > network, with all the different threads, processes, and sessions going
> > on? Or how about a desktop, pgAdmin with several database connections,
> > can those be isolated from each other or whatever the security setup may
> > be?
>
> It's a good question. Yes, it is possible, needless to say. :)
>
> We can configure Apache to kick its contents handler with a proper security
> context. The contents handler is a sort of Apache module to handle various
> kinds of web contents like *.html, *.php, *.cgi and so on.
> The existing module (mod_selinux) enables invoking a CGI program with a
> proper security context based on HTTP authentication. In addition, the upcoming
> Linux kernel got a feature to assign built-in scripts its security context.
>
> SELinux applies its access controls based on the assigned security context
> for various kinds of objects like files, sockets, IPCs, tables, columns and
> so on.
>
> I can provide a demonstration, please wait for a while to set up.

The following URL can show the demonstration:
http://kaigai.myhome.cx/index.php

It requires HTTP authentication, and you can choose one of "foo", "var" or "baz".
They can be authenticated with the same password: "sepgsql".

The web server assigns a per-user security context to its contents handler,
including the PHP script. It shows that the result set of the SQL query depends on
the security context of its client.

(note) This script always connects to the SE-PostgreSQL server with the "apache" role,
which has privileged user rights.

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
