From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1168) |
Date: | 2008-11-03 11:36:37 |
Message-ID: | 490EE245.3090004@kaigai.gr.jp |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Bruce Momjian wrote:
> KaiGai Kohei wrote:
>> I've updated my patches, it contains a few bugfixes.
>>
>> [1/6] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1168.patch
>> [2/6] http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1168.patch
>> [3/6] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1168.patch
>> [4/6] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1168.patch
>> [5/6] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1168.patch
>> [6/6] http://sepgsql.googlecode.com/files/sepostgresql-row_acl-8.4devel-3-r1168.patch
>>
>> The comprehensive documentation for SE-PostgreSQL is here:
>> http://wiki.postgresql.org/wiki/SEPostgreSQL (it is now under reworking.)
>>
>> List of updates:
>> - Patches are rebased to the latest CVS HEAD.
>> - bugfix: permission checks are ignored for per statement trigger functions
>> - bugfix: per-statement trigger function ignored trusted function configuration
>> - bugfix: not a proper permission check on lo_export(xxx, '/dev/null')
>>
>>> Request for Comments:
>>> - The 4th patch is actually needed? It can be replaced by wiki page.
>>> - Do you think anything remained towards the final CommitFest?
>>> - Do you have any reviewing comment? Most of patches are unchanged from
>>> the previous vesion. If you can comment anything, I can fix them without
>>> waiting for the final commit fest.
>
> I just looked over the patch. This new version with row-level SQL
> security has certainly reduced the SE-Linux-specific part, which is
> good.
>
> It was interesting how you implemented SQL-level column-level
> permissions:
>
> CREATE TABLE customer (
> cid integer primary key,
> cname varchar(32),
> credit varchar(32) SECURITY_CONTEXT = 'system_u:object_r:sepgsql_secret_table_t'
> );
>
> I am unclear how that will behave with the column-level permissions
> patch someone is working on. I am wondering if your approach is clearer
> than the other patch because it gives a consistent right policy for rows
> and columns.
The column-level permissions in SE-PostgreSQL works independently and
orthogonally from the upcoming column-level permissions by Stephen Frost.
When the SE-PostgreSQL is enabled, both of facilities have to allow the
client to access required columns.
In the above case, the "credit" column has "sepgsql_secret_table_t" type,
but rest of columns inherits the type of "customer" table which allows
non-administrative users to access in the default security policy.
If the given query contains the "credit" column, SE-PostgreSQL checks
privileges of client to access columns labeled as "sepgsql_secret_table_t",
then it raises an error to abort the current transaction if the security
policy does not allow it.
There is a possibility that column-level ACLs are set via newer GRANT/REVOKE
statement. In this case, the core PostgreSQL checks them, and raises an error
if violated.
> I was wondering why you mention the NSA (U.S. National Security Agency)
> in the patch?
>
> +# NSA SELinux support
The original author of SELinux is NSA.
There is no more meanings than a caption of the option.
I'll fix it, if necessary.
> The size of the patch is still larger but I don't see any way to reduce it:
>
> 1275 sepostgresql-docs-8.4devel-3-r1168.patch
> 625 sepostgresql-pg_dump-8.4devel-3-r1168.patch
> 829 sepostgresql-policy-8.4devel-3-r1168.patch
> 1736 sepostgresql-row_acl-8.4devel-3-r1168.patch
> 10847 sepostgresql-sepgsql-8.4devel-3-r1168.patch
> 1567 sepostgresql-tests-8.4devel-3-r1168.patch
> 16879 total
I thought the "sepostgresql-docs" can be replaced by the pointing to the wiki
page, how do you think the idea?
Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
From | Date | Subject | |
---|---|---|---|
Next Message | Zdenek Kotala | 2008-11-03 11:41:45 | Re: How to parse Datum |
Previous Message | Richard Huxton | 2008-11-03 11:06:50 | Re: reliable lock inside stored procedure |