[PATCH] Cleanup existing PG privileges - database, schema - Mailing list pgsql-hackers

From KaiGai Kohei
Subject [PATCH] Cleanup existing PG privileges - database, schema
Msg-id 4B287708.5070709@ak.jp.nec.com
List pgsql-hackers
The attached patch is a draft for discussion.

It cleans up the existing PG privileges checks related to databases
and schemas, and consolidates points where it applies privileges
checks as a groundwork for the upcoming security framework.

We have tried a few approaches to implement SE-PgSQL this year;
however, it has had a rather high hurdle for joining development, because it
tried to separate features unless it lost something useful.
It naturally holds two parts within a patch: one is the modifications
to the core routines, the other is the selinux-specific code.
The selinux-specific part was a hurdle for pgsql folks, and the core
pgsql part was a hurdle for selinux folks.

During CF#3, we had a fruitful discussion, especially at the BWPUG
meeting. Again, Stephen Frost suggested starting the development
from a common security framework for both security models.

http://wiki.postgresql.org/wiki/SEPostgreSQL_Review_at_the_BWPUG#PostgreSQL_security_check_cleanup

It allows us to focus on the pure pgsql part, without any selinux
specific part at the moment.

In CF#2, I tried to rework everything with a single patch, but this
approach was wrong: too large. So, I'll try to split the changeset
into smaller pieces, on a per-object-class basis.

This patch is a groundwork before the security framework.
The existing PG checks require multiple permission checks in separate
places for a single operation, which makes it harder to replace these
inlined permission checks with security hooks.
It tries to consolidate multiple separate permission checks into the same
place for database and schema, as a discussion draft.

* LookupCreationNamespace
 It checks CREATE permission on the required schema when ALTER is used
 with the SCHEMA TO option. It will be consolidated into the
 check_*_alter_schema() hooks, so I removed this check and moved it to
 the caller.

* createdb, movedb
 They repeat name resolution and permission checks if necessary.
 So, I consolidated the permission checks in the same place.

$ diffstat pgsql-01-ground-work-8.5devel-r2486.patch
 catalog/namespace.c     |   11 --!!!
 commands/dbcommands.c   |   89 ++++++++++++++++++++++++--------------------!!!
 commands/functioncmds.c |   11 ++++!
 commands/tablecmds.c    |   11 ++++!
 commands/typecmds.c     |   11 ++++!
 5 files changed, 72 insertions(+), 43 deletions(-), 18 modifications(!)

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
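As an added example (not part of the patch or of PostgreSQL's own code): a constructed C model of the movedb flow described above, showing why resolving names once and making a single consolidated permission check lets a security framework replace that check through one hook rather than patching several inlined checks. The catalog, role ids, privilege table and hook signature are assumptions made for the illustration.

```c
/* Constructed illustration of the consolidation pattern discussed in the mail.
 * Not PostgreSQL code: the catalog, ACL table and hook signature are made up. */
#include <stdbool.h>
#include <string.h>
typedef struct { const char *name; int owner; int create_roles[4]; } Tablespace;
typedef struct { const char *name; int owner; } Database;
/* Constructed catalog: role 10 is an admin, role 20 owns database "app";
 * create_roles lists the roles holding CREATE on a tablespace, 0-terminated. */
static const Tablespace tablespaces[] = {
    { "pg_default", 10, { 10, 20, 0 } },
    { "fast_disk",  10, { 10, 20, 0 } },
};
static const Database databases[] = { { "app", 20 } };
/* Hook type: the one place where all privilege decisions for
 * ALTER DATABASE ... SET TABLESPACE are made once names are resolved.
 * A security framework swaps this pointer instead of patching inlined checks. */
typedef bool (*movedb_check_hook)(int role, const Database *db, const Tablespace *ts);
static bool has_create_on(int role, const Tablespace *ts) {
    for (int i = 0; ts->create_roles[i] != 0; i++)
        if (ts->create_roles[i] == role) return true;
    return false;
}
/* Default rule: own the database and hold CREATE on the target tablespace. */
static bool default_movedb_check(int role, const Database *db, const Tablespace *ts) {
    return db->owner == role && has_create_on(role, ts);
}
/* Stricter alternative: as default, but never allow moving into pg_default. */
static bool strict_movedb_check(int role, const Database *db, const Tablespace *ts) {
    return default_movedb_check(role, db, ts) && strcmp(ts->name, "pg_default") != 0;
}
static movedb_check_hook movedb_check = default_movedb_check;
void use_default_policy(void) { movedb_check = default_movedb_check; }
void use_strict_policy(void)  { movedb_check = strict_movedb_check; }
static const Database *lookup_database(const char *name) {
    for (size_t i = 0; i < sizeof databases / sizeof *databases; i++)
        if (strcmp(databases[i].name, name) == 0) return &databases[i];
    return NULL;
}
static const Tablespace *lookup_tablespace(const char *name) {
    for (size_t i = 0; i < sizeof tablespaces / sizeof *tablespaces; i++)
        if (strcmp(tablespaces[i].name, name) == 0) return &tablespaces[i];
    return NULL;
}
/* Resolve names once, then make exactly one consolidated permission check.
 * Returns 0 on success, -1 for an unknown object, -2 for permission denied. */
int movedb(int role, const char *dbname, const char *tsname) {
    const Database *db = lookup_database(dbname);
    const Tablespace *ts = lookup_tablespace(tsname);
    if (db == NULL || ts == NULL) return -1;
    return movedb_check(role, db, ts) ? 0 : -2;
}
```

Swapping the policy changes the decision without touching movedb() itself, which is the property the consolidation is meant to give the security hooks.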
