From: | Chris Browne <cbbrowne(at)acm(dot)org> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Adding support for SE-Linux security |
Date: | 2009-12-07 16:45:22 |
Message-ID: | 878wde68d9.fsf@dba2.int.libertyrms.com |
Lists: | pgsql-hackers |
tgl(at)sss(dot)pgh(dot)pa(dot)us (Tom Lane) writes:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>>> I wonder if we should rephrase this as, "How hard will this feature be
>>> to add, and how hard will it be to remove in a few years if we decide we
>>> don't want it?"
>
>> Yes, I think that's the right way to think about it. At a guess, it's
>> two man-months of work to get it in,
>
> It's not the "get it in" part that scares me. The problem I have with
> it is that I see it as a huge time sink for future maintenance problems,
> most of which will be classifiable as security breaches which increases
> the pain of dealing with them immeasurably.

Ah, yes, the importance of this is not to be underestimated...

Once "SE-Pg" is added in, *any* bug found in it is likely to be
considered a security bug, and hence a candidate for being a CERT
Advisory.

Some bad things are liable to happen:

a) Such problems turn into a "hue and cry" situation requiring
   dropping everything else to "fix the security problem."

b) If everyone isn't using "SE-Pg", then people won't be particularly
   looking for bugs, and hence bugs are likely to linger somewhat,
   with the consequence that a) occurs with some frequency.

c) Having a series of CERT advisories issued is not going to be
   considered a good thing, reputation-wise!

I feel about the same way about this as I did about the adding of
"native Windows" support; I'm a bit concerned that this could be a
destabilizing influence. I was wrong back then; the Windows support
hasn't had the ill effects I was concerned it might have.

I'd hope that my concerns about "SE-Pg" are just as wrong as my concerns
about native Windows support. Hope doesn't make it so, alas...
--
select 'cbbrowne' || '@' || 'gmail.com';
http://www3.sympatico.ca/cbbrowne/languages.html
"Just because it's free doesn't mean you can afford it." -- Unknown