Re: Updates of SE-PostgreSQL 8.4devel patches

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Andrew Sullivan <ajs(at)commandprompt(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches
Date: 2008-10-16 10:57:58
Message-ID: 48F71E36.9010203@ak.jp.nec.com
Lists: pgsql-hackers

KaiGai Kohei wrote:
> Bruce Momjian wrote:
>> KaiGai Kohei wrote:
>>> Bruce Momjian wrote:
>>>> I think we could use row-level access control to prevent people from
>>>> seeing databases they should not see in pg_database.
>>> The row-level database ACL which I submitted yesterday does not allow
>>> assigning ACLs to tuples within system catalogs (like pg_database),
>>> because it is unclear who should be the owner of the tuples.
>>>
>>> As I noted in the previous message, it considers the owner of the table
>>> as the owner of the tuples for several reasons. However, some
>>> system catalogs have their own owner field, like "pg_proc.proowner".
>>> This limitation is not a fundamental one, so we can remove it soon.
>>>
>>> But who should be the owner of tuples within system catalogs which have
>>> some kind of "owner" field?
>>
>> The Postgres super-user should be the owner of all system tables.
>
> OK, I'll update it soon.

I updated my patches:
[1/6] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1130.patch
[2/6] http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1130.patch
[3/6] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1130.patch
[4/6] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1130.patch
[5/6] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1130.patch
[6/6] http://sepgsql.googlecode.com/files/sepostgresql-row_acl-8.4devel-3-r1130.patch

List of updates:
- Fixbug: the security identifier was not handled correctly on TOAST tables
  when the security feature is repeatedly enabled and disabled.
- RowACL: remove the limitation on system catalogs.
- RowACL: the default behavior is changed when we access tuples with no
  row-level ACL. The previous version applied the ACL inherited from
  its table, but the newer one allows anything to public, because
  the previous behavior causes problems when you restrict access via
  VIEWs.
- RowACL: bugfix for when we provide an empty string as a new row-level ACL.

* An example to limit the list of pg_database

[kaigai(at)saba ~]$ psql postgres
psql (8.4devel)
Type "help" for help.

postgres=# CREATE DATABASE test1;
CREATE DATABASE
postgres=# CREATE DATABASE test2;
CREATE DATABASE
postgres=# CREATE DATABASE test3;
CREATE DATABASE
postgres=# UPDATE pg_database SET tuple_acl = '{ymj=r/kaigai}'
WHERE datname like 'test%';
UPDATE 3
postgres=# UPDATE pg_database SET tuple_acl = rowacl_revoke(tableoid, tuple_acl, 'ymj', 'all')
WHERE datname = 'test2';
UPDATE 1
postgres=# \l
List of databases
Name | Owner | Encoding | Collation | Ctype | Access Privileges
-----------+--------+----------+-------------+-------------+-------------------------------
postgres | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 | {=c/kaigai,kaigai=CTc/kaigai}
template1 | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 | {=c/kaigai,kaigai=CTc/kaigai}
test1 | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
test2 | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
test3 | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
(6 rows)

postgres=# \q

(*) kaigai (superuser) can see test1, test2 and test3.

[kaigai(at)saba ~]$ psql -Uymj postgres
psql (8.4devel)
Type "help" for help.

postgres=> \l
List of databases
Name | Owner | Encoding | Collation | Ctype | Access Privileges
-----------+--------+----------+-------------+-------------+-------------------------------
postgres | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 | {=c/kaigai,kaigai=CTc/kaigai}
template1 | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 | {=c/kaigai,kaigai=CTc/kaigai}
test1 | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
test3 | kaigai | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
(5 rows)

(*) ymj (normal user) cannot see test2 because kaigai revoked it.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
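
A small Python model of the row-level ACL behaviour shown in the session above, added here as an illustration and not taken from the SE-PostgreSQL patches. It assumes PostgreSQL's aclitem text form (`grantee=privs/grantor`, empty grantee meaning PUBLIC), that revoking all privileges leaves an empty ACL, and that an empty ACL denies while a missing one allows; `bob` is a hypothetical role.

```python
import re

# aclitem text form used in the session: grantee=privs/grantor ('' grantee = PUBLIC)
ACLITEM = re.compile(r"^(?P<grantee>[^=/]*)=(?P<privs>[A-Za-z*]*)/(?P<grantor>[^=/]+)$")

def parse_acl(text):
    """Parse '{ymj=r/kaigai,=r/kaigai}' into {grantee: set(privs)}; None stays None."""
    if text is None:
        return None                      # no row-level ACL on this tuple
    body = text.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError(f"not an ACL array: {text!r}")
    acl = {}
    for item in filter(None, (s.strip() for s in body[1:-1].split(","))):
        m = ACLITEM.match(item)
        if not m:
            raise ValueError(f"bad aclitem: {item!r}")
        acl.setdefault(m["grantee"], set()).update(m["privs"].replace("*", ""))
    return acl

def revoke_all(acl, grantee):
    """Model of revoking every privilege from one grantee (assumed to leave an empty ACL)."""
    return {g: p for g, p in (acl or {}).items() if g != grantee}

def can_read(acl, user, superuser=False):
    if superuser or acl is None:         # superuser bypass; no ACL => allowed to public
        return True
    return "r" in acl.get(user, set()) | acl.get("", set())

def visible(rows, user, superuser=False):
    return [name for name, acl in rows.items() if can_read(acl, user, superuser)]

# Constructed state mirroring the session: three UPDATEd rows, one then revoked.
ROWS = {
    "postgres": None, "template0": None, "template1": None,
    "test1": parse_acl("{ymj=r/kaigai}"),
    "test2": revoke_all(parse_acl("{ymj=r/kaigai}"), "ymj"),
    "test3": parse_acl("{ymj=r/kaigai}"),
}

if __name__ == "__main__":
    print("kaigai:", visible(ROWS, "kaigai", superuser=True))
    print("ymj:   ", visible(ROWS, "ymj"))
    print("bob:   ", visible(ROWS, "bob"))   # hypothetical third role
```

Under this model a role with no grant, such as `bob`, still sees every row that has no row-level ACL at all, which is the consequence of the new default to check when relying on row ACLs to hide catalog entries.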
