Re: Reworks for Access Control facilities (r2363)

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Greg Stark <gsstark(at)mit(dot)edu>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers(at)postgresql(dot)org, kaigai(at)kaigai(dot)gr(dot)jp
Subject: Re: Reworks for Access Control facilities (r2363)
Date: 2009-10-16 17:49:48
Message-ID: 603c8f070910161049s460fdfe6l5aa97dc6518bcda6@mail.gmail.com
Lists: pgsql-hackers

On Fri, Oct 16, 2009 at 12:45 PM, Greg Stark <gsstark(at)mit(dot)edu> wrote:
> 2009/10/16 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
>> In addition, I already tried to put SE-PG hooks
>> within pg_xxx_aclchecks() in this CF, but it failed due to the
>> differences in the security models.
>
> I thought the last discussion ended with a pretty strong conclusion
> that we didn't want differences in the security models.
>
> The first step is to add hooks which don't change the security model
> at all, just allow people to control the existing checks from their SE
> configuration. Only as a second step we would look into making
> incremental changes to the postgres security model to add support for
> privileges SE users might expect to find, eventually possibly
> including per-row permissions.

I think we sort of came to the conclusion that even a basic
implementation of SE-PostgreSQL might have some requirements that
didn't quite square with the existing PostgreSQL security model. The
charter of this patch AIUI was to refactor things so that they were
squared up, but I think the patch is substantially more complex and invasive
than what I thought would be necessary and it's not clear that it
solves the problem. Rather than refactoring the existing checks to
provide a cleaner abstraction layer, it seems to provide a layer that,
if it's anything, is just a place-holder for an SE-PostgreSQL
implementation, and there's no guarantee that it's adequate even for
that, much less for anything else we might want to do.

...Robert
