Home > mailing lists

Re: SE-PostgreSQL Specifications - Mailing list pgsql-hackers

From	Sam Mason
Subject	Re: SE-PostgreSQL Specifications
Date	July 24, 2009 23:46:33
Msg-id	20090724234547.GF5407@samason.me.uk Whole thread Raw
In response to	Re: SE-PostgreSQL Specifications (KaiGai Kohei <kaigai@kaigai.gr.jp>)
Responses	Re: SE-PostgreSQL Specifications
List	pgsql-hackers

Tree view

On Sat, Jul 25, 2009 at 07:23:22AM +0900, KaiGai Kohei wrote:
> Thanks, but I found an incorrect change at the trusted procedure section.
> 
> Old)
>   CREATE TABLE customer (
>       cid     integer primary key,
>       cname   varchar(32),
>       credit  varchar(32)
> -         SECURITY_LABEL = 'system_u:object_r:sepgsql_secret_table_t:s0'
> - );
> 
> New)
>   CREATE TABLE customer (
>       cid     integer primary key,
>       cname   varchar(32),
>       credit  varchar(32)
> + ) SECURITY_LABEL = 'system_u:object_r:sepgsql_secret_table_t:s0';
> 
> This example intends to assign "secret" label on the credit column,
> not whole of the table. Note that the default security context shall
> be assigned on the table and rest of columns in this case.

The show_credit() function in this section would seem to leak authority
as well; it seems possible to determine if customers exist that
otherwise may otherwise hidden.  For example, imagine we have a row
in the customer table with cid=1 whose security label would normally
prevent.  We can perform:
 SELECT show_credit(1);

and, as far as I can tell, this call would succeed.

--  Sam  http://samason.me.uk/

pgsql-hackers by date:

From: Tom Lane
Date: 24 July 2009, 23:39:27
Subject: Re: Non-blocking communication between a frontend and a backend (pqcomm)

From: Andrew Dunstan
Date: 25 July 2009, 00:08:30
Subject: Re: COPY WITH CSV FORCE QUOTE * -- REVIEW

Re: SE-PostgreSQL Specifications - Mailing list pgsql-hackers

Previous

Next