Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE
Date
Msg-id 6167.1240239593@sss.pgh.pa.us
Whole thread Raw
In response to Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE  (Greg Stark <stark@enterprisedb.com>)
Responses Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE
List pgsql-hackers
Greg Stark <stark@enterprisedb.com> writes:
> I think we're talking at cross purposes here. I think Kai Gai's
> descriptions make sense if you start with a different set of
> assumptions. The idea behind SELinux is that each individual object is
> access controlled and each user has credentials which grant access to
> specific operations on specific objects. As I understand it part of
> the goal is to eliminate situations where "setuid" or other forms of
> privilege escalation is required.

Well, if so, the idea is a miserable failure.  SELinux has just as many
setuid programs as any other Unix, and absolutely zero hope of removing
them.  I am not going to take the idea of "remove setuid" seriously when
they haven't been able to accomplish it anywhere else.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Heikki Linnakangas
Date:
Subject: Re: Re: [COMMITTERS] pgsql: Explicitly bind gettext to the correct encoding on Windows.
Next
From: Gregory Stark
Date:
Subject: Re: [PATCH] unalias of ACL_SELECT_FOR_UPDATE