Re: [sepgsql 2/3] Add db_schema:search permission checks

From: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
To: Simon Riggs <simon(at)2ndquadrant(dot)com>
Cc: PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [sepgsql 2/3] Add db_schema:search permission checks
Date: 2013-01-29 14:39:39
Lists: pgsql-hackers

2013/1/29 Simon Riggs <simon(at)2ndquadrant(dot)com>:
> On 29 January 2013 13:30, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> wrote:
>> It makes it impossible to control execution of
>> functions from the viewpoint of selinux, and there is no way for selinux
>> to prevent execution of functions defined by other domains, or
>> others not being permitted.
>> Also, what we want to do is almost the same as the existing permission
>> checks, except for the criteria used to make the access control decision.
> Do you have a roadmap of all the things this relates to?
> If selinux has a viewpoint, I'd like to be able to see a list of
> capabilities and then which ones are currently missing. I guess I'm
> looking for external assurance that someone somewhere needs this and
> that it fits into a complete overall plan of what we should do. Just
> like we are able to use SQLStandard as a guide as to what we need to
> implement, we would like something to refer back to. Does this have a
> request id, specification document page number or whatever?
I previously made several wiki pages as a reference for the permissions
to be checked, but they need maintenance work to bring them up to the latest
state, such as newly added permissions.

Even though hosts permission list, it is more
rough than what I described at

Unlike the SQL standard, we have fewer resources to document its spec
being validated by third persons. However, it is a reasonable solution
to write up which permission shall be checked at which timing.

Let me revise the above wiki page to show my overall plan.

KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
