Re: Adding support for SE-Linux security

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-11 20:06:54
Message-ID: 20091211200654.GA17756@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

David,

* David P. Quigley (dpquigl(at)tycho(dot)nsa(dot)gov) wrote:
> So the document I read is linked below [1].

Great, thanks again.

[agree with all the rest]

> It is definitely good to have a second opinion on this since I've just
> only started reading the PCI compliance documents. I'm definitely not an
> expert in PCI compliance but from what I've read there are definite
> benefits for using SEPG or PG-ACE with a special security module in
> making much stronger guarantees about who and what can touch the card
> data.

Indeed. The other nice piece about getting the opinion of Treat (or
others who have to deal with PCI) is that while the PCI documentation
says what you're supposed to do, the PCI folks also have auditing
requirments (as in, a third-party vendor has to audit your system, and
there are required scans and scanning tools, etc) which don't always
marry up to what they say they require.

Thanks!

Stephen

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Zdenek Kotala 2009-12-11 20:07:51 Re: [PATCH] dtrace probes for memory manager
Previous Message Robert Haas 2009-12-11 20:03:28 Re: Adding support for SE-Linux security