| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joshua Brindle <method(at)manicmethod(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Gregory Stark <stark(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Bernd Helmle <mailings(at)oopsware(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: 8.4 release planning |
| Date: | 2009-01-28 04:44:22 |
| Message-ID: | 497FE2A6.6060702@ak.jp.nec.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Jaime Casanova wrote:
> On Tue, Jan 27, 2009 at 2:18 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> This seems to me to be exactly parallel to deciding that SELinux should
>> control only table/column permissions within SQL; an approach that would
>> be enormously less controversial, less expensive, and more reliable than
>> what SEPostgres tries to do.
>>
>
> seems that the controversial part of sepgsql is row level permissions,
> can we try to commit (obviously with good revision and test) the
> table/column privileges part of that patch?
Actually, it is already done.
http://code.google.com/p/sepgsql/source/browse/trunk/sepgsql/src/backend/utils/misc/guc.c#1242
http://code.google.com/p/sepgsql/source/browse/trunk/sepgsql/src/backend/security/sepgsql/permissions.c#518
Its original purpose is different, to reduce storage consumption.
But it can be a point of compromise.
See, http://archives.postgresql.org/message-id/492691A8.8030103@ak.jp.nec.com
Is it a reasonable option to allow users to turn on/off?
I can add a documentation about its background and tradeoffs,
for user's correct decision.
Thanks,
> that is still a step on the direction of full centralized security
> management on the system...
>
> let the row level privileges part for 8.5, that way the patch will be
> smaller now and then...
>
> remember, postponed is not rejected is just a way to give more time to
> think (WITH patch comes from the prior release cycle and was committed
> in this release), not to think about one scenario but about all
> possible scenarios in a more wide audience
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | KaiGai Kohei | 2009-01-28 05:02:08 | Re: 8.4 release planning |
| Previous Message | KaiGai Kohei | 2009-01-28 04:41:17 | Re: 8.4 release planning |