Re: SE-PostgreSQL Specifications - Mailing list pgsql-hackers

From Sam Mason
Subject Re: SE-PostgreSQL Specifications
Date
Msg-id 20090725202706.GM5407@samason.me.uk
Whole thread Raw
In response to Re: SE-PostgreSQL Specifications  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: SE-PostgreSQL Specifications
List pgsql-hackers
On Sat, Jul 25, 2009 at 11:06:37AM -0400, Tom Lane wrote:
> There had better still be superusers.  Or do you want the correctness
> of your backups to depend on whether your SELinux policy is correct?

I thought the whole point of MAC was that superusers don't exist any
more--at least not with the power they currently do.  Organizations may
well not trust specific parts of their database to certain types of
backups, SE-PG should allow this to be controlled somewhat.

> The first time somebody loses critical data because SELinux suppressed
> it from their pg_dump output, they're going to be on the warpath.

That should be solved by different methods; as "A.M" said pg_dump can
complain if it doesn't see everything it expected to (which should
handle the naive user case) and backdoors can be put in the scheme
that will (by default?) initially allow a "backup" subject unfettered
read-only access to each object.  I'm expecting that this access can be
revoked as needed from sensitive tables.

--  Sam  http://samason.me.uk/


pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: autogenerating headers & bki stuff
Next
From: Robert Haas
Date:
Subject: Re: SE-PostgreSQL Specifications