From: | Greg Smith <gsmith(at)gregsmith(dot)com> |
---|---|
To: | Andrej Ricnik-Bay <andrej(dot)groups(at)gmail(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [0/4] Proposal of SE-PostgreSQL patches |
Date: | 2008-05-01 03:24:26 |
Message-ID: | Pine.GSO.4.64.0804302246080.3430@westnet.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
On Thu, 1 May 2008, Andrej Ricnik-Bay wrote:
> Not a hacker, just a curious reader ... are there equivalent frameworks
> for the other supported platforms? E.g. MacOS, *BSD, Windows?
SELinux is a Linux implementation of ideas from an earlier NSA project
named Flask. There is port of another variant of that, Flask/TE, that is
making its way into the BSD variants via a project called SEBSD.
TrustedBSD, Darwin (OS X), and OpenSolaris all have projects in this area
already (the Solaris one just launched last month). A good starter page
is http://www.trustedbsd.org/sebsd.html
Particularly given the common heritage, I suspect that the PostgreSQL side
of all these projects will be similar, and that once those hooks are in
place it will just be a matter of tying them into the higher levels of the
other framework. It would be too ambitious to target all of them all at
once for a first pass, but it may be worth a look at the fundamentals of
SEBSD to make sure the right hooks look like they're in place.
Windows has this thing called "Group Policy" that's supposedly leaped
forward for Windows Server 2008. They are now advertising it as like
SELinux, but better. The presentation PDF I just read on that subject
sounds like something written by the crazy guy at Broadway & 57th street I
used to walk by, as he talked on fruit as if they were his cell phone.
It's such a deluded and wildly misguided bit of sales fluff that you can't
take it seriously, and the whole thing just leaves me feeling sorry for
them instead.
--
* Greg Smith gsmith(at)gregsmith(dot)com http://www.gregsmith.com Baltimore, MD
From | Date | Subject | |
---|---|---|---|
Next Message | Greg Smith | 2008-05-01 06:32:05 | Re: [0/4] Proposal of SE-PostgreSQL patches |
Previous Message | Andrej Ricnik-Bay | 2008-05-01 02:16:31 | Re: [0/4] Proposal of SE-PostgreSQL patches |
From | Date | Subject | |
---|---|---|---|
Next Message | Pavel Stehule | 2008-05-01 05:02:39 | Re: temporal version of generate_series() |
Previous Message | Andrej Ricnik-Bay | 2008-05-01 02:16:31 | Re: [0/4] Proposal of SE-PostgreSQL patches |