Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)
Date
Msg-id 200812131237.25949.peter_e@gmx.net
In response to Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)  ("Robert Haas" <robertmhaas@gmail.com>)
List pgsql-hackers
On Friday 12 December 2008 19:31:11 Robert Haas wrote:
> Not really.  I'm not an SELinux expert.  But typically the two do
> exist alongside one another.  For example, installing SELinux (MAC)
> on your system does not make "chmod g+w file" (DAC) stop working;
> it merely performs an ADDITIONAL security check before allowing access
> to the file.  You have to satisfy BOTH SELinux AND the ordinary
> filesystem permissions system in order to perform an operation on a
> file.

The MAC permissions are usually set up globally (in some cryptic file) and 
apply mandatorily (= M).  So a rule might say, a file named topsecret.pdf can 
only be stored in a certain place, can only be read by certain people, can 
only be opened by a special viewer, cannot be copied and pasted out of, etc.  
And there is nothing you can do about it, even if you own the file (short of 
changing the global policy).

The DAC permissions are set up by the object owner at their discretion (= D).  
So if you write a draft.odt and want your group to look at it, you do a chgrp 
g+r or whatever, as you want.  It would be silly in this case to have to 
request a global MAC policy change for every such step.

> The contention of the author of this patch is that row-level access is
> somehow different - that even though we have two sets of checks for
> files, tables, and (assuming Stephen Frost's patch is accepted)
> columns, we will only have one set of checks for rows, and you can
> pick which one you want.

Yes, that is the part that is puzzling me as well.
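The layering the thread describes (a row is readable only if the owner's discretionary grant AND the global mandatory policy both allow it) as an added toy model; this is illustration code, not SE-PostgreSQL's implementation, and the domains, labels and policy table are constructed:

```python
from dataclasses import dataclass, field

@dataclass
class Row:
    owner: str
    label: str                                  # MAC security context (constructed)
    grants: set = field(default_factory=set)    # DAC: roles the owner chose to grant

# Global MAC policy: which user domain may read rows carrying which label.
# Only an administrator edits this table; a row owner cannot change it.
MAC_POLICY = {
    "staff_t": {"unclassified"},
    "analyst_t": {"unclassified", "secret"},
}

# Which domain each user runs in (constructed sample data).
USER_DOMAIN = {"alice": "staff_t", "bob": "analyst_t", "carol": "staff_t"}

def dac_allows(user, row):
    # Discretionary check: the owner, or anyone the owner granted.
    return user == row.owner or user in row.grants

def mac_allows(user, row):
    # Mandatory check: the user's domain must be cleared for the row's label.
    return row.label in MAC_POLICY.get(USER_DOMAIN[user], set())

def can_read(user, row):
    # Both layers must pass; neither can override the other's denial.
    return dac_allows(user, row) and mac_allows(user, row)

def readable_rows(user, rows):
    # Row-level filtering under the stacked checks.
    return [r for r in rows if can_read(user, r)]

ROWS = [
    Row(owner="alice", label="unclassified"),
    Row(owner="alice", label="secret"),
]

# alice owns both rows (DAC passes) but her domain is not cleared for "secret".
# Granting bob works because his domain also passes MAC; granting carol does not,
# because the global policy still denies her domain.
ROWS[1].grants.update({"bob", "carol"})
```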

