Quick Links

Re: Updates of SE-PostgreSQL 8.4devel patches (r1710)

From:	Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To:	Gregory Stark <stark(at)enterprisedb(dot)com>
Cc:	Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Bruce Momjian <bruce(at)momjian(dot)us>, Joshua Brindle <method(at)manicmethod(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>
Subject:	Re: Updates of SE-PostgreSQL 8.4devel patches (r1710)
Date:	2009-03-11 13:54:13
Message-ID:	20090311135413.GG4009@alvh.no-ip.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Gregory Stark escribió:
> Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> writes:
>
> > KaiGai Kohei wrote:
> >> * ACL_SELECT_FOR_UPDATE has same value with ACL_UPDATE, so SE-PostgreSQL
> >> checks db_table:{update} permission on SELECT ... FOR SHARE OF,
> >> instead of db_table:{lock} permission.
> >
> > This again falls into the category of trying to have more fine-grained
> > permissions than vanilla PostgreSQL has. Just give up on the lock permission,
> > and let it check update permission instead. Yes, it can be annoying that you
> > need update-permission to do SELECT FOR SHARE, but that's an existing problem
> > and not in scope for this patch.
>
> Would it make sense to instead of removing and deferring pieces bit by bit to
> instead work the other way around? Extract just the part of the patch that
> maps SELinux capabilities to Postgres privileges as a first patch? Then
> discuss any other parts individually at a later date?

I think that makes sense. Implement just a very basic core in a first
patch, and start adding checks slowly, one patch each. We have talked
about "incremental patches" in the past.

We wouldn't get "unbreakable PostgreSQL" in a single commit, but we
would at least start moving.

The good thing about having started in the opposite direction is that by
now we know that the foundation APIs are good enough to build the
complete feature.

--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

In response to

Re: Updates of SE-PostgreSQL 8.4devel patches (r1710) at 2009-03-11 10:39:19 from Gregory Stark

Responses

Re: Updates of SE-PostgreSQL 8.4devel patches (r1710) at 2009-03-11 16:53:52 from Ron Mayer
Re: Updates of SE-PostgreSQL 8.4devel patches (r1710) at 2009-03-11 17:22:23 from Tom Lane
Re: Updates of SE-PostgreSQL 8.4devel patches (r1710) at 2009-03-13 01:37:19 from KaiGai Kohei
Re: Updates of SE-PostgreSQL 8.4devel patches (r1710) at 2009-03-16 02:56:19 from Bruce Momjian

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Pavel Stehule	2009-03-11 14:15:03	Re: idea, proposal: only preloadable libraries (conditional load)
Previous Message	Marko Kreen	2009-03-11 13:51:26	Re: gcc: why optimize for size flag is not the default