[PATCH] Cleanup existing PG privileges - database, schema
From | KaiGai Kohei |
---|---|
Subject | [PATCH] Cleanup existing PG privileges - database, schema |
Date | |
Msg-id | 4B287708.5070709@ak.jp.nec.com |
List | pgsql-hackers |
The attached patch is a draft for the discussion.

It cleans up the existing PG privileges checks related to databases and schemas, and consolidates points where it applies privileges checks as a groundwork for the upcoming security framework.

We have tried a few approaches to implement SE-PgSQL for this year, however, it has a bit high hurdle to join development, because it tried to separate features unless it loses something useful. It naturally holds two parts within a patch. The one is modification to the core routines. The other is selinux specific code. The selinux-specific part was a hurdle for pgsql-folks, and the core pgsql part was a hurdle for selinux-folks.

Under the CF#3, we had a fruitful discussion, especially BWPUG meeting. Again, Stephen Frost suggested to start the development from a common security framework for both of security models.

http://wiki.postgresql.org/wiki/SEPostgreSQL_Review_at_the_BWPUG#PostgreSQL_security_check_cleanup

It allows us to focus on the pure pgsql part, without any selinux specific part at the moment.

In the CF#2, I tried to rework anything with a single patch, but this approach was wrong, too large. So, I'll try to separate the changeset smaller, per object class basis.

This patch is a groundwork before the security framework. The existing PG checks require multiple permission checks in separate places for a single operation, but it makes it harder to replace these inlined permission checks by security hooks. It tries to consolidate multiple separate permission checks into the same place for database and schema, as a discussion draft.

* LookupCreationNamespace

It checks CREATE permission on the required schema, when ALTER with SCHEMA TO option. It will be consolidated to check_*_alter_schema() hooks, so I removed this check and moved to the caller.

* createdb
* movedb

It repeats name resolve and permission checks if necessary. So, I consolidate permission checks in the same place.
$ diffstat pgsql-01-ground-work-8.5devel-r2486.patch
 catalog/namespace.c | 11 --!!!
 commands/dbcommands.c | 89 ++++++++++++++++++++++++--------------------!!!
 commands/functioncmds.c | 11 ++++!
 commands/tablecmds.c | 11 ++++!
 commands/typecmds.c | 11 ++++!
 5 files changed, 72 insertions(+), 43 deletions(-), 18 modifications(!)

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>