On Wednesday 22 October 2008 12:14:12 Josh Berkus wrote:
> Joshua Kramer wrote:
> > Howdy Folks,
> >
> > I notice that several SELinux patches have been submitted in the
> > CommitFest targeting Nov 1 for 8.4. Is this on track for implementation
> > in Postgres core by 8.4?
>
> Still under discussion. The idea is to get it merged for 8.4, *but*
> there's three critical areas that need help:
>
> 1) making row-based permissions which is exposed to the SQL command line
> and works even without SELinux.
>
> 2) coming up with some acceptable algorithm in which FKs can work with
> row-based-permissions which can be improved in the future without
> breaking backwards compatibility.
>
> 3) detailed checking of the current implementation of SEPostgres against
> the Common Criteria requirements by someone who speaks "security tech".
>
> So, anyone who wants this patch, **we need your help** in making it happen.
>
> Also, as you can see, PostgreSQL is not about "good enough" but about
> "as good as we can reasonably do". I think generally that since we're
> releasing once a year, every year, holding off on a patch for one
> version to make it "near perfect" is probably a good strategy ... as
> much as it pains me to wait.
>
> Current status of SEPostgres patch: hopeful, but not assured.
>
Someone mentioned to me that IBM and Oracle have several patents in this area,
is anyone looking into that angle?
--
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL