| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: security label support, part.2 |
| Date: | 2010-08-17 23:37:24 |
| Message-ID: | 4C6B1D34.3030107@ak.jp.nec.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
(2010/08/18 3:07), Robert Haas wrote:
> On Tue, Aug 17, 2010 at 1:50 PM, Stephen Frost<sfrost(at)snowman(dot)net> wrote:
>> No.. and I'm not sure we ever would. What we *have* done is removed
>> all permissions checking on child tables when a parent is being
>> queried..
>
> Yeah. I'm not totally sure that is sensible for a MAC environment.
> Heck, it's arguably incorrect (though perhaps quite convenient) in a
> DAC environment. Anyway, I wonder if it would be sensible to try to
> adjust the structure of the DAC permissions checks so enhanced
> security providers can make their own decision about how to handle
> this case.
>
As long as we handle child tables in consistent way, here is no matter
for a MAC environment also. As Stephen mentioned, the question was
"what is an object". So, I want child tables being either a part of
parent table or an independent object from its parent.
In the first case, child tables need to have same security properties
(ownership, access privileges, security labels) with its parent.
In the later case, we need to check permissions on child tables also
when we query on the parent, but it is an old perspective now.
Thanks,
--
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2010-08-18 00:04:44 | Re: security label support, part.2 |
| Previous Message | Dave Page | 2010-08-17 22:29:01 | Re: Progress indication prototype |