Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE
Date: 2009-04-20 14:14:01
Message-ID: 5233.1240236841@sss.pgh.pa.us
Lists: pgsql-hackers

KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
> Heikki Linnakangas wrote:
>> Can't you have a SE-PostgreSQL policy like "disallow ACL_UPDATE on table
>> X for user Y, except when current user is owner of X"?

> It seems to me a quite ad-hoc idea.

That's rather a silly charge to be leveling when your own proposal is
such a horrid kluge as this one. As near as I can tell, you intend
that SELinux will be unable to prohibit SELECT FOR UPDATE because it
cannot tell the difference between that and a foreign key reference.
If that isn't a hack, I don't know what is.

regards, tom lane
