Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep) - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)
Date
Msg-id 48D1038B.7020402@kaigai.gr.jp
Whole thread Raw
In response to Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
List pgsql-hackers
KaiGai Kohei wrote:
> Peter, thanks for your comments.
> 
>  > Let's review:
>  >
>  > *) System-wide consistency in access controls could be nice to have in
>  > some cases.  But is it really achievable?  In the typical three-tier web
>  > application scenario, do you really have system-wide consistency?  Can
>  > you configure your application server using SELinux?  I'm no expert on
>  > these things, but I wonder, would it even work in a useful way, over the
>  > network, with all the different threads, processes, and sessions going
>  > on?  Or how about a desktop, pgAdmin with several database connections,
>  > can those be isolated from each other or whatever the security setup may
>  > be?
> 
> It's a good question. Yes, it is possible no need to say. :)
> 
> We can configure Apache to kick its contents handler with a proper security
> context. The contents handler is a sort of Apache module to handle various
> kind of web contents like *.html, *.php, *.cgi and so on.
> The existing module (mod_selinux) eanbles to invoke CGI program with a 
> proper
> security context based on HTTP authentication. In addition, the upcoming
> Linux kernel got a feature to assign built-in scripts its security context.
> 
> SELinux applied its access controls based on the assigned security context
> for various kind of objects like files, sockets, IPCs, tables, columns and
> so on.
> 
> I can provide a demonstration, pelase wait for a while to set up.

The following URL can show the demonstration:  http://kaigai.myhome.cx/index.php

It requires HTTP authentication, and you can choose one of "foo", "var" or "baz".
They can be authenticated by same password: "sepgsql".

The web server assigns per-user security context for its contents handler
including the PHP script. It shows the result set of SQL query depends on
the security context of its client.

(note) This script always connects to SE-PostgreSQL server with "apache" role       that has a privileged user rights.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>


pgsql-hackers by date:

Previous
From: Martin Pihlak
Date:
Subject: Re: per-table autovacuum configuration
Next
From: Andrew Chernow
Date:
Subject: Re: [PATCHES] libpq events patch (with sgml docs)