Re: sepgsql contrib module
| От | KaiGai Kohei |
|---|---|
| Тема | Re: sepgsql contrib module |
| Дата | |
| Msg-id | 4D37CE0C.9000205@ak.jp.nec.com обсуждение исходный текст |
| Ответ на | Re: sepgsql contrib module (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
(2011/01/20 13:01), Robert Haas wrote: > 2011/1/19 KaiGai Kohei<kaigai@ak.jp.nec.com>: >>> And how about adding a >>> ProcessUtility_hook to trap evil non-DML statements that some >>> nefarious user might issues? >>> >> It seems to me reasonable as long as the number of controlled command >> are limited. For example, LOAD command may be a candidate being >> controlled without exceptions. >> However, it will be a tough work, if the plug-in tries to parse and >> analyze supplied utility commands by itself. > > I think the key is to either accept or reject the command based on > very simple criteria - decide based only on the command type, and > ignore its parameters. > I can understand this idea, however, it is hard to implement this criteria, because SELinux describes all the rules as a relationship between a client and object using their label, so we cannot know what actions (typically represented in command tag) are allowed or denied without resolving their object names. >> I uploaded my draft here. >> http://wiki.postgresql.org/wiki/SEPostgreSQL_Documentation >> >> If reasonable, I'll move them into *.sgml style. > > I have yet to review that, but will try to get to it before too much > more time goes by. > OK, I try to translate it into *.sgml format. >> I may want to simplify the step to installation using an installer >> script. > > OK, but let's get this nailed down as soon as possible. Tempus fugit. > I like to give my higher priority on the ProcessUtility_hook, rather than installation script. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com>
В списке pgsql-hackers по дате отправления: