From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
---|---|
To: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
Cc: | Josh Kupershmidt <schmiddy(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [GENERAL] column-level update privs + lock table |
Date: | 2010-12-01 03:59:46 |
Message-ID: | 4CF5C832.8040000@ak.jp.nec.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
(2010/11/30 21:26), Simon Riggs wrote:
> On Mon, 2010-11-29 at 21:37 -0500, Josh Kupershmidt wrote:
>
>> I still see little reason to make LOCK TABLE permissions different for
>> column-level vs. table-level UPDATE privileges
>
> Agreed.
>
> This is the crux of the debate. Why should this inconsistency be allowed
> to continue?
>
> Are there covert channel issues here, KaiGai?
>
Existing database privilege mechanism (and SELinux, etc...) is not designed
to handle covert channel attacks, basically.
For example, if a user session with column-level UPDATE privilege tries
to update a certain column for each seconds depending on the contents of
other table X, other session can probably know the contents of table X
using iteration of LOCK command without SELECT permission.
It is a typical timing channel attack, but it is not a problem that we
should try to tackle, is it?
Sorry, I don't have a credible idea to solve this inconsistency right now.
Thanks,
--
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
From | Date | Subject | |
---|---|---|---|
Next Message | Greg Swisher | 2010-12-01 05:31:10 | Warm Standby log filling up with "FATAL: the database system is starting up" entries |
Previous Message | Vick Khera | 2010-12-01 00:52:14 | Re: Pg_upgrade question |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2010-12-01 04:17:05 | Re: We really ought to do something about O_DIRECT and data=journalled on ext4 |
Previous Message | Andy Colson | 2010-12-01 03:36:54 | unlogged tables |