Re: SE-PostgreSQL Specifications

On Mon, Aug 3, 2009 at 10:19 PM, Stephen Frost<sfrost@snowman.net> wrote:
> KaiGai,
>
> * KaiGai Kohei (kaigai@ak.jp.nec.com) wrote:
>> So, we may be able to modify the development plan as follows:
>> * 2nd CommitFest (15-Sep)
>>  - security abstraction layer
>> (- largeobject permission)
>>
>> * 3rd CommitFest (15-Nov)
>>  - basic functionality of SE-PostgreSQL
>>
>> * 4th CommitFest (15-Jan)
>>  - full functionality of SE-PostgreSQL
>>    (row-level controls, filesystem permissions, ...)
>
> Not to throw water on this right from the get-go, but I think getting
> the security abstraction and basic SE-PostgreSQL functionality (based on
> existing PG permissions) into 8.5 will be enough of a stretch.
> row-level security needs to be implement in PG proper first, before we
> can add the SE-PG hooks for it.  That's going to be a serious amount of
> work by itself, and is something which is extremely unlikely to make
> sense to commit that late in the cycle.

+1.  Optimism is good, realism is better.

> Let's focus on improving aclchk.c to the point where SE-PG can be
> easily added without dropping hooks all over the place.  If we can get
> that into 8.5 it will be a huge success.  We can then work on row-level
> permissions for 8.6, first as a PG-native feature, and then with SE-PG
> hooks.

Row-level security is going to be a very, very difficult feature to
implement properly.  A lot of thought is needed here to design
something good.

...Robert