Skip site navigation (1) Skip section navigation (2)

Re: sepgsql contrib module

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: Simon Riggs <simon(at)2ndQuadrant(dot)com>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: sepgsql contrib module
Date: 2010-12-30 00:26:07
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
(2010/12/27 17:53), Simon Riggs wrote:
> On Fri, 2010-12-24 at 11:53 +0900, KaiGai Kohei wrote:
>> The attached patch is the modular version of SE-PostgreSQL.
> Looks interesting.
> Couple of thoughts...
> Docs don't mention row-level security. If we don't have it, I think we
> should say that clearly.
Indeed, it is a good idea the document mentions what features are not
implemented in this version clearly, not only row-level security, but
DDL permissions and so on. I'd like to revise it soon.

> I think we need a "Guide to Security Labels" section in the docs. Very
> soon, because its hard to know what is being delivered and what is not.
Does it describe what is security label and the purpose of them?
OK, I'd like to add this section here.

> Is the pg_seclabel table secure? Looks like the labels will be available
> to read.
If we want to control visibility of each labels, we need row-level
granularity here.

> How do we tell if sepgsql is installed?
Check existence of GUC variables of sepgsql.*.

> What happens if someone alters the configuration so that the sepgsql
> plugin is no longer installed. Does the hidden data become visible?
Yes. If sepgsql plugin is uninstalled, the hidden data become visible.
But no matter. Since only a person who is allowed to edit postgresql.conf
can uninstall it, we cannot uninstall it in run-time.
(An exception is loading a malicious module, but we will be able to
hook this operation in the future version.)

KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>

In response to


pgsql-hackers by date

Next:From: Noah MischDate: 2010-12-30 00:27:22
Subject: Re: Avoiding rewrite in ALTER TABLE ALTER TYPE
Previous:From: Noah MischDate: 2010-12-29 23:52:42
Subject: Re: Avoiding rewrite in ALTER TABLE ALTER TYPE

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group