Re: Adding support for SE-Linux security

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-11 04:45:37
Message-ID: 9592.1260506737@sss.pgh.pa.us
Lists: pgsql-hackers

Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> My guess is that a credible SEPostgres offering will require a long-term
>> amount of work at least equal to, and very possibly a good deal more
>> than, what it took to make a native Windows port.

> The SEPostgres community is surely a lot smaller than the Windows
> community, but I'm not sure whether the effort estimate is accurate or
> not. If "credible" includes "row-level security", then I think I
> might agree, but right now we're just trying to get off the ground.

It's been perfectly clear since day one, and was reiterated as recently
as today
http://archives.postgresql.org/message-id/4B21757E.7090806@2ndquadrant.com
that what the security community wants is row-level security. The
proposals to make SEPostgres drive regular SQL permissions never came
out of anyone from that side, they were proposed by PG people looking
for a manageable first step. Whatever you might believe about the
potential market for SEPostgres, you should divide by about a hundred
as long as it's only an alternate interface to SQL permissions. See
particularly here:
http://wiki.postgresql.org/wiki/SEPostgreSQL_Review_at_the_BWPUG#Revisiting_row-level_security
"Without it, it's questionable whether committing the existing
stripped-down patch really accomplishes anything" --- how much
clearer can they be?

If you're not prepared to assume that we're going to do row level
security, it's not apparent why we should be embarking on this course
at all. And if you do assume that, I strongly believe that my effort
estimate above is on the optimistic side.

regards, tom lane
