Re: Updates of SE-PostgreSQL 8.4devel patches (r1608)

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Joshua Brindle <method(at)manicmethod(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches (r1608)
Date: 2009-02-26 19:02:07
Message-ID: 49A6E72F.20003@kaigai.gr.jp
Lists: pgsql-hackers

Bruce Momjian wrote:
> KaiGai Kohei wrote:
>> The series of SE-PostgreSQL patches for v8.4 were updated:
>> [1/5] http://sepgsql.googlecode.com/files/sepgsql-core-8.4devel-r1608.patch
>> [2/5] http://sepgsql.googlecode.com/files/sepgsql-utils-8.4devel-r1608.patch
>> [3/5] http://sepgsql.googlecode.com/files/sepgsql-policy-8.4devel-r1608.patch
>> [4/5] http://sepgsql.googlecode.com/files/sepgsql-docs-8.4devel-r1608.patch
>> [5/5] http://sepgsql.googlecode.com/files/sepgsql-tests-8.4devel-r1608.patch
>>
>> - List of updates:
>> * bugfix: sepgsqlCheckProcedureEntrypoint() was invoked twice when
>> security invoker functions are invoked.
>>
>> The rest of the parts are unchanged. Don't mind the contracted filename.
>> Please comment on anything. It will help to improve our code.
>
> I did an analysis of the "core" file:
>
> http://sepgsql.googlecode.com/files/sepgsql-core-8.4devel-r1608.patch
>
> changed lines 3226
> new files 4075
> syscatalog 9977
> ----
> total 17278
>
> The good news is that 3226 is the effect on the non-system-catalog main
> core code, and is a context diff size, not total changed lines.

Hum...? What utility did you use to compute the lines?
It seems to me the changed lines, except for system catalogs, are larger than
the actual ones.

The diffstat says:
65 files changed, 4769 insertions(+), 11 deletions(-), 4945 modifications(!)

The (4244 + 500) of 4945 modifications come from pg_proc.h and pg_attribute.h
due to a new field to store the security label of procedures and columns.

The new files add 4014 in total, so the remaining (755 + 11 + 201 = 967) lines are
the estimated changes in the main core code.

Anyway, I believe the burden on the reviewer has become smaller than with the prior
full-set version.

Thanks,

-------------------------------------------------------------
[kaigai(at)masu ~]$ diffstat ~/sepgsql-core-8.4devel-r1608.patch
configure | 113
configure.in | 13
src/Makefile.global.in | 1
src/backend/Makefile | 7
src/backend/access/heap/heapam.c | 12
src/backend/bootstrap/bootparse.y | 4
src/backend/bootstrap/bootstrap.c | 3
src/backend/catalog/aclchk.c | 11
src/backend/catalog/heap.c | 94
src/backend/catalog/index.c | 8
src/backend/catalog/pg_aggregate.c | 3
src/backend/catalog/pg_proc.c | 9
src/backend/catalog/toasting.c | 3
src/backend/commands/cluster.c | 4
src/backend/commands/copy.c | 9
src/backend/commands/dbcommands.c | 33
src/backend/commands/foreigncmds.c | 7
src/backend/commands/functioncmds.c | 77
src/backend/commands/lockcmds.c | 4
src/backend/commands/proclang.c | 6
src/backend/commands/tablecmds.c | 99
src/backend/commands/trigger.c | 6
src/backend/executor/execMain.c | 22
src/backend/nodes/copyfuncs.c | 25
src/backend/nodes/equalfuncs.c | 21
src/backend/nodes/outfuncs.c | 28
src/backend/nodes/readfuncs.c | 41
src/backend/optimizer/plan/planner.c | 1
src/backend/parser/gram.y | 63
src/backend/postmaster/postmaster.c | 43
src/backend/rewrite/rewriteHandler.c | 6
src/backend/security/Makefile | 11
src/backend/security/sepgsql/Makefile | 16
src/backend/security/sepgsql/avc.c | 1157 +++++++
src/backend/security/sepgsql/checker.c | 902 +++++
src/backend/security/sepgsql/core.c | 235 +
src/backend/security/sepgsql/dummy.c | 37
src/backend/security/sepgsql/hooks.c | 576 +++
src/backend/security/sepgsql/label.c | 360 ++
src/backend/security/sepgsql/perms.c | 463 ++
src/backend/storage/ipc/ipci.c | 2
src/backend/tcop/utility.c | 5
src/backend/utils/cache/catcache.c | 32
src/backend/utils/cache/syscache.c | 15
src/backend/utils/fmgr/dfmgr.c | 10
src/backend/utils/fmgr/fmgr.c | 8
src/backend/utils/init/postinit.c | 11
src/backend/utils/misc/guc.c | 18
src/backend/utils/misc/postgresql.conf.sample | 3
src/include/catalog/heap.h | 9
src/include/catalog/pg_attribute.h | 500 !!!
src/include/catalog/pg_class.h | 12
src/include/catalog/pg_database.h | 6
src/include/catalog/pg_proc.h | 4244 !!!!!!!!!!!!!!!!!!!!!!!!!!
src/include/catalog/pg_proc_fn.h | 3
src/include/fmgr.h | 10
src/include/nodes/nodes.h | 3
src/include/nodes/parsenodes.h | 30
src/include/nodes/plannodes.h | 2
src/include/pg_config.h.in | 3
src/include/security/sepgsql.h | 257 +
src/include/storage/lwlock.h | 1
src/include/utils/catcache.h | 1
src/include/utils/errcodes.h | 5
src/include/utils/syscache.h | 2
65 files changed, 4769 insertions(+), 11 deletions(-), 4945 modifications(!)

--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
