[ANN] SE-PostgreSQL 1.0 Beta released

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: pgsql-hackers(at)postgresql(dot)org
Subject: [ANN] SE-PostgreSQL 1.0 Beta released
Date: 2007-07-01 11:54:52
Message-ID: 4687960C.3030600@kaigai.gr.jp
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi,

We released the beta version of SE-PostgreSQL and the first
official documentation at Jul 01 2007.

The purpose of the version is to improve its quality, like bugfix.
The SE-PostgreSQL development team welcomes any feedback from open
source community, like your comments or opinions, bug-reporting,
and so on.

Thanks,

============================================================
SE-PostgreSQL 1.0 Beta version Released
============================================================

SE-PostgreSQL development team released SE-PostgreSQL 1.0 beta
version and "The security guide of Security-Enhanced PostgreSQL
beta edition (Japanese/English)" at Jul 01 2007.

You can get those packages from the following URL:
http://code.google.com/p/sepgsql/downloads/list

o SE-PostgreSQL 1.0 beta version
sepostgresql-8.2.4-0.391.beta.fc6.i386.rpm
sepostgresql-8.2.4-0.391.beta.fc7.i386.rpm
sepostgresql-8.2.4-0.391.beta.fc7.src.rpm
sepostgresql-8.2.4-0.391.beta.fc7.patch
o The base security policy for Fedora 7
selinux-policy-2.6.4-14.sepgsql.fc7.noarch.rpm
selinux-policy-targeted-2.6.4-14.sepgsql.fc7.noarch.rpm
selinux-policy-devel-2.6.4-14.sepgsql.fc7.noarch.rpm
o The base security policy for Fedora core 6
selinux-policy-2.4.6-74.sepgsql.fc6.noarch.rpm
selinux-policy-targeted-2.4.6-74.sepgsql.fc6.noarch.rpm
selinux-policy-devel-2.4.6-74.sepgsql.fc6.noarch.rpm
o "The security guide of Security-Enhanced PostgreSQL" beta edition
sepgsql_security_guide.20070701.jp.beta.pdf (Japanese)
sepgsql_security_guide.20070701.en.beta.pdf (English)

See the following URL, for details of installation.
o SE-PostgreSQL installation memo (Fedora 7)
http://code.google.com/p/sepgsql/wiki/install_memo_Fedora7
o SE-PostgreSQL installation memo (Fedora core 6)
http://code.google.com/p/sepgsql/wiki/install_memo_FC6

The features of SE-PostgreSQL
-----------------------------
Security Enhanced PostgreSQL (SE-PostgreSQL) is a security extension
built in PostgreSQL. It enables to administrate operating system and
database management system under the unified security policy by
cooperation with SELinux.
In addition, it also provides fine-grained access control including
column and row level, and mandatory access control being non-bypassable,
even if privileged database user.

Those features enables to build a database management system into
information flow control scheme integrated with operating system,
and to protect our information asset from threats like manipulation
or leaking.

The purpose of this version
---------------------------
The purpose of this version is evaluation and test for the stable
SE-PostgreSQL 1.0 release. Therefore, we don't recommends to apply
this version except for test/evaluation purpose.
SE-PostgreSQL development team also declares the feature freeze for
the stable SE-PostgreSQL 1.0. It means that we have no plan to add
any feature except for bug fixes until it is released.
We always welcome any feedback from open source community, such as
bug reporting, question for SE-PostgreSQL and documentation.

Roadmap
-------
SE-PostgreSQL development team have a plan to release the stable
SE-PostgreSQL 1.0 after one month's evaluation.
In the future, we continue our activity to merge PGACE/SE-PostgreSQL
features into the upstreamed PostgreSQL.

Changes since SE-PostgreSQL 1.0 alpha
-------------------------------------
The following remarkable changes are applied from SE-PostgreSQL 1.0
alpha released at May 05 2007.

o Applying PGACE framework
PostgreSQL Access Control Extension (PGACE) is a framework consist
of many hooks and a mechanism to associate a security attribute with
database objects, to provide a common infrastructure for multiple
security extensions built in PostgreSQL.
o backup/restore utility
'--enable-security' option was added for pg_dump and pg_dumpall commands.
It enables to backup and restore database with security context.
o Extended SQL statement
Extensions of CREATE TABLE/FUNCTION/DATABASE and ALTER TABLE/FUNCTION/DATABASE
statements enables to configure security context of database object without
modifying system catalog directly.
o Adding new permissions
{use} permission was added for table, column and tuple object classes.
It is evaluated in the case when a column is accessed without reading its
contents such as use on WHERE or GROUP BY clause.
o Improve security policy
Two new types are defined.
One is sepgsql_ro_table_t for read-only tables. The other is sepgsql_fixed_table_t
for non-manipulatable tables. A type of 'sepgsql_user_proc_t' is attached for
user defined SQL function. Administrative domain cannot execute a function with this
type, so we can avoid to execute untrusted functions with unconfined authorities.

Fixed many bugs
---------------
We found and fixed many bugs for four months since alpha release on this March.

Acknowledgment
--------------
The development of SE-PostgreSQL is supported by Exploratory Software Project,
IPA(Information-technology Promotion Agency, Japan).

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2007-07-01 14:06:42 Re: Something is fairly whacko about shutdown in CVS HEAD
Previous Message Heikki Linnakangas 2007-07-01 07:44:09 Re: pgsql: Improve logging of checkpoints.