Re: security label support, part.2 - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: security label support, part.2
Date
Msg-id 4C6B1D34.3030107@ak.jp.nec.com
Whole thread Raw
In response to Re: security label support, part.2  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
(2010/08/18 3:07), Robert Haas wrote:
> On Tue, Aug 17, 2010 at 1:50 PM, Stephen Frost<sfrost@snowman.net>  wrote:
>> No..  and I'm not sure we ever would.  What we *have* done is removed
>> all permissions checking on child tables when a parent is being
>> queried..
> 
> Yeah.  I'm not totally sure that is sensible for a MAC environment.
> Heck, it's arguably incorrect (though perhaps quite convenient) in a
> DAC environment.  Anyway, I wonder if it would be sensible to try to
> adjust the structure of the DAC permissions checks so enhanced
> security providers can make their own decision about how to handle
> this case.
> 
As long as we handle child tables in consistent way, here is no matter
for a MAC environment also. As Stephen mentioned, the question was
"what is an object". So, I want child tables being either a part of
parent table or an independent object from its parent.
In the first case, child tables need to have same security properties
(ownership, access privileges, security labels) with its parent.
In the later case, we need to check permissions on child tables also
when we query on the parent, but it is an old perspective now.

Thanks,
-- 
KaiGai Kohei <kaigai@ak.jp.nec.com>


pgsql-hackers by date:

Previous
From: Dave Page
Date:
Subject: Re: Progress indication prototype
Next
From: Stephen Frost
Date:
Subject: Re: security label support, part.2