Re: [0/4] Proposal of SE-PostgreSQL patches

From: Greg Smith <gsmith(at)gregsmith(dot)com>
To: Andrej Ricnik-Bay <andrej(dot)groups(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches
Date: 2008-05-01 03:24:26
Message-ID: Pine.GSO.4.64.0804302246080.3430@westnet.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches

On Thu, 1 May 2008, Andrej Ricnik-Bay wrote:

> Not a hacker, just a curious reader ... are there equivalent frameworks
> for the other supported platforms? E.g. MacOS, *BSD, Windows?

SELinux is a Linux implementation of ideas from an earlier NSA project
named Flask. There is port of another variant of that, Flask/TE, that is
making its way into the BSD variants via a project called SEBSD.
TrustedBSD, Darwin (OS X), and OpenSolaris all have projects in this area
already (the Solaris one just launched last month). A good starter page
is http://www.trustedbsd.org/sebsd.html

Particularly given the common heritage, I suspect that the PostgreSQL side
of all these projects will be similar, and that once those hooks are in
place it will just be a matter of tying them into the higher levels of the
other framework. It would be too ambitious to target all of them all at
once for a first pass, but it may be worth a look at the fundamentals of
SEBSD to make sure the right hooks look like they're in place.

Windows has this thing called "Group Policy" that's supposedly leaped
forward for Windows Server 2008. They are now advertising it as like
SELinux, but better. The presentation PDF I just read on that subject
sounds like something written by the crazy guy at Broadway & 57th street I
used to walk by, as he talked on fruit as if they were his cell phone.
It's such a deluded and wildly misguided bit of sales fluff that you can't
take it seriously, and the whole thing just leaves me feeling sorry for
them instead.

--
* Greg Smith gsmith(at)gregsmith(dot)com http://www.gregsmith.com Baltimore, MD

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Greg Smith 2008-05-01 06:32:05 Re: [0/4] Proposal of SE-PostgreSQL patches
Previous Message Andrej Ricnik-Bay 2008-05-01 02:16:31 Re: [0/4] Proposal of SE-PostgreSQL patches

Browse pgsql-patches by date

  From Date Subject
Next Message Pavel Stehule 2008-05-01 05:02:39 Re: temporal version of generate_series()
Previous Message Andrej Ricnik-Bay 2008-05-01 02:16:31 Re: [0/4] Proposal of SE-PostgreSQL patches