Re: Updates of SE-PostgreSQL 8.4devel patches (r1704) - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: Updates of SE-PostgreSQL 8.4devel patches (r1704)
Date
Msg-id 49B748C0.9040105@ak.jp.nec.com
Whole thread Raw
In response to Re: Updates of SE-PostgreSQL 8.4devel patches (r1704)  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane wrote:
> Ron Mayer <rm_pg@cheapcomplexdevices.com> writes:
>> As far as I can tell, the community feels interested in the
>> feature set; but relatively unable to contribute since none
>> of the people have that much of a security background.  It
>> seems the best way to fix that would be to get more people
>> with a security background more involved.
> 
> It's experience with the Postgres code base that I'm worried about.
> I don't question KaiGai-san's security background; I do doubt that
> he knows where all the skeletons are buried in the PG backend.
> A couple of very recent examples of that: his patch to fix a problem
> with inheritance of column privileges was approximately the right thing,
> but inefficiently duplicated the functionality of nearby code:
> http://archives.postgresql.org/pgsql-hackers/2009-03/msg00196.php
> and it didn't take Heikki long at all to note an oversight in the part
> of the latest sepostgres patch that attempted to confine superusers'
> file read/write abilities:
> http://archives.postgresql.org/pgsql-hackers/2009-03/msg00446.php

Indeed, I have less than three years experience of development
in PostgreSQL backend. However, I don't believe it is a productive
discussion to point out such kind of failures.
At least, I think it is worthwhile to report bugs/submit patches
much more than keeping silent with being afraid of failures.
If submitted patches are not still enough elegant, we can fix and
improve them via discussions.

> More generally, there's been no discussion or community buy-in on
> design questions such as whether the patch should even try to confine
> superusers on such a fine-grained basis.  (I agree with Heikki's
> thought that this may be a lost cause given our historical design
> assumption that superusers can do anything.)
> 
> So I remain strongly of the opinion that what this patch lacks is
> review from longtime PG hackers.  It's not the security community
> that is missing from the equation.

Two months ago, I agreed to postpone some of features especially
hot in discussion, to reduce the scale of patches and burden of
reviewers on the v8.4 development phase.
In addition, I also reduced more than 1,000 lines as Heikki
suggested. Its purpose is to focus the points to be discussed.

I would like to have a productive discssion.
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>


pgsql-hackers by date:

Previous
From: KaiGai Kohei
Date:
Subject: Updates of SE-PostgreSQL 8.4devel patches (r1710)
Next
From: Peter Eisentraut
Date:
Subject: Re: Prepping to break every past release...