Re: security label support, part.2

From: "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov>
To: "Stephen Frost" <sfrost(at)snowman(dot)net>
Cc: "Robert Haas" <robertmhaas(at)gmail(dot)com>, "KaiGai Kohei" <kaigai(at)kaigai(dot)gr(dot)jp>, <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: security label support, part.2
Date: 2010-08-17 18:01:00
Message-ID: 4C6A880C0200002500034793@gw.wicourts.gov
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

>Stephen Frost <sfrost(at)snowman(dot)net> wrote:

> No.. and I'm not sure we ever would. What we *have* done is
> removed all permissions checking on child tables when a parent is
> being queried..

OK, that clarifies things. Thanks.

So, essentially that means that you need to set all ancestor levels
to something at least as strict as the intersection of all the
permissions on lower levels to avoid exposing something through an
ancestor which is restricted in a descendant. And you'd better
trust the owner of any table you extend, because they can bypass any
attempt to restrict access to the table you create which extends
theirs.

I hope those security implications are well documented.

-Kevin

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2010-08-17 18:07:18 Re: security label support, part.2
Previous Message Peter Eisentraut 2010-08-17 17:55:58 Re: Python 2.7 deprecated the PyCObject API?