Re: Spoofing as the postmaster

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 29 Dec 2007 14:40:29 -0500 (EST)
Greg Smith <gsmith(at)gregsmith(dot)com> wrote:

> On Sat, 29 Dec 2007, Joshua D. Drake wrote:
>
> > http://code.google.com/p/sepgsql/
> > ???
>
> Getting that to work required some obtrusive changes to the source
> code, which they've only done to 8.2.4. Even that doesn't seem to be
> production-quality and it's not clear how that will make its way into
> newer versions yet.

"they've" has the potential to be "we"... As I recall the individual
made a reasonable effort to introduce the work that he was doing to the
community.

http://archives.postgresql.org/pgsql-hackers/2007-03/msg00271.php
http://archives.postgresql.org/pgsql-hackers/2007-04/msg00664.php

>
> The job here is to work on the SELinux policies for PostgreSQL. You
> can't just re-use whatever work has gone into the SE-PostgreSQL ones,
> because those presume you're using their modified server instead of
> the regular one.

Fair enough. I was just trying to offer a source to start with.

> But unless
> there's somebody else with a burning need to work on this area I
> doubt that will happen--there's nothing about SELinux that anybody
> does just for fun.

Ya think? :P

I recognize that this "SE PGSQL" has the potential to be a portability
nightmare (as it only works on linux) but it certainly has potential to
give us a leg up on a lot of work.

Anyway, not saying its good code but I did read the docs and it sure
looks cool.

Sincerely,

Joshua D. Drake

- --
The PostgreSQL Company: Since 1997, http://www.commandprompt.com/
Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHdqriATb/zqfZUUQRAk73AJ9/Gy2+5mjxBsbEZHyCycp/HgwR0wCfYHPw
TaLkLocBWGpgP0Z7T+IaaWA=
=0Zwj
-----END PGP SIGNATURE-----