Re: 8.4 release planning

From: Joshua Brindle <method(at)manicmethod(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Gregory Stark <stark(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Bernd Helmle <mailings(at)oopsware(dot)de>
Subject: Re: 8.4 release planning
Date: 2009-01-27 21:11:59
Message-ID: 497F789F.8000809@manicmethod.com
Lists: pgsql-hackers

Tom Lane wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> Personally, I think it'd be terrible to implement the suggestion that
>> started this sub-thread since it breaks with what is currently done
>> elsewhere and what the users of this feature would expect.
>
> Upthread we were being told that this patch breaks new ground and will
> offer capability available nowhere else. Now I'm hearing that it's just
> a "me too" patch to catch up with capability already available from N
> commercial vendors. Which is it?
>

It is like the difference between Trusted Solaris (really all the old trusted
OSes) and SELinux. They both implement mandatory access control and both
implement Bell and LaPadula as needed by the government/military, but SELinux,
via type enforcement, goes further to provide a completely flexible mandatory
access control system.

SELinux is useful to meet all sorts of security goals, from system and
application integrity to data pipelining and confidentiality. The SELinux
community believes this sort of access control is important to not only the
military but commercial and even small-scale systems.

Further, because sepostgresql integrates well with SELinux, the same system-wide
access controls flow seamlessly into the database. Are you able to access secret
data on the filesystem? If so, you'll be able to access secret data in the
database. Are you able to update accounting information in the filesystem? Then
you'll be able to update accounting information in the database.

This also integrates with KaiGai's other work to SELinux-ize Apache so that an
Apache server can run a user script from a user's home directory and a type
transition occurs to run the script in the appropriate domain for that user;
then, when that script accesses the database, it will have only the access that
user's script should have.

This kind of end-to-end integration with mandatory access control is certainly
groundbreaking and isn't just the same ol' same ol' that other database vendors
are doing (and have been doing for quite some time).
