From: | Joe Conway <mail(at)joeconway(dot)com> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, Andres Freund <andres(at)anarazel(dot)de> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: RFC: seccomp-bpf support |
Date: | 2019-08-29 13:51:25 |
Message-ID: | 5ebd3cc0-7ff7-b081-bea9-80db5a8d5008@joeconway.com |
Lists: | pgsql-hackers |

On 8/28/19 4:07 PM, Peter Eisentraut wrote:
> On 2019-08-28 21:38, Joshua Brindle wrote:
>> I think we need to rein in the thread somewhat. The feature allows
>> end users to define some sandboxing within PG. Nothing is being forced
>> on anyone
>
> Features come with a maintenance cost. If we ship it, then people are
> going to try it out. Then weird things will happen. They will report
> mysterious bugs. They will complain to their colleagues. It all comes
> with a cost.
>
>> but we would like the capability to harden a PG installation
>> for many reasons already stated.
>
> Most if not all of those reasons seem to have been questioned.

Clearly Joshua and I disagree, but understand that the consensus is not
on our side. It is our assessment that PostgreSQL will be subject to
seccomp willingly or not (e.g., via docker, systemd, etc.) and the
community might be better served to get out in front and have first
class support.

But I don't want to waste any more of anyone's time on this topic,
except to ask if two strategically placed hooks are asking too much?

Specifically hooks to replace these two stanzas in the patch:

8<--------------------------
diff --git a/src/backend/postmaster/postmaster.c
b/src/backend/postmaster/postmaster.c
index 62dc93d..2216d49 100644
*** a/src/backend/postmaster/postmaster.c
--- b/src/backend/postmaster/postmaster.c
*************** PostmasterMain(int argc, char *argv[])
*** 963,968 ****
--- 963,982 ----
[...]
diff --git a/src/backend/utils/init/postinit.c
b/src/backend/utils/init/postinit.c
index 43b9f17..aac1940 100644
*** a/src/backend/utils/init/postinit.c
--- b/src/backend/utils/init/postinit.c
*************** InitPostgres(const char *in_dbname, Oid
*** 1056,1061 ****
--- 1056,1076 ----
[...]
8<--------------------------

We will continue to pursue this development for customers that require
it and plan to provide an update on our analysis and results.

We thank you for your comments and suggestions.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development