From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> |
Cc: | jd(at)commandprompt(dot)com, Hannu Krosing <hannu(at)2ndQuadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Joshua Brindle <method(at)manicmethod(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec> |
Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1704) |
Date: | 2009-03-10 19:17:37 |
Message-ID: | 2163.1236712657@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> writes:
> As far as I can tell, the community feels interested in the
> feature set; but relatively unable to contribute since none
> of the people have that much of a security background. It
> seems the best way to fix that would be to get more people
> with a security background more involved.
It's experience with the Postgres code base that I'm worried about.
I don't question KaiGai-san's security background; I do doubt that
he knows where all the skeletons are buried in the PG backend.
A couple of very recent examples of that: his patch to fix a problem
with inheritance of column privileges was approximately the right thing,
but inefficiently duplicated the functionality of nearby code:
http://archives.postgresql.org/pgsql-hackers/2009-03/msg00196.php
and it didn't take Heikki long at all to note an oversight in the part
of the latest sepostgres patch that attempted to confine superusers'
file read/write abilities:
http://archives.postgresql.org/pgsql-hackers/2009-03/msg00446.php
More generally, there's been no discussion or community buy-in on
design questions such as whether the patch should even try to confine
superusers on such a fine-grained basis. (I agree with Heikki's
thought that this may be a lost cause given our historical design
assumption that superusers can do anything.)
So I remain strongly of the opinion that what this patch lacks is
review from longtime PG hackers. It's not the security community
that is missing from the equation.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Devrim GÜNDÜZ | 2009-03-10 19:25:34 | Re: Updates of SE-PostgreSQL 8.4devel patches (r1704) |
Previous Message | Devrim GÜNDÜZ | 2009-03-10 19:13:56 | Re: Updates of SE-PostgreSQL 8.4devel patches (r1704) |