Sorry, I missed a permission check on invocation of trusted procedures.
When client's label getting switched to Y from X, we needed to check
process:transition permission between label X and label Y.
It is same manner when OS launches a program with a special label to
cause domain transition.
The attached patch adds checks this permission when user tries to
invoke a trusted procedure and switch security label of the client.
In addition, it also adds a case of regression test of this problem.
NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei <kohei(dot)kaigai(at)eu(dot)nec(dot)com>
pgsql-hackers by date
|Next:||From: Robert Haas||Date: 2011-04-04 15:04:09|
|Subject: Re: GSoC proposal: Fast GiST index build|
|Previous:||From: Robert Haas||Date: 2011-04-04 15:01:15|
|Subject: Re: cast from integer to money|