Home > mailing lists

[sepgsql] missing checks of process:transition on trusted procedure invocation - Mailing list pgsql-hackers

From	Kohei Kaigai
Subject	[sepgsql] missing checks of process:transition on trusted procedure invocation
Date	April 5, 2011 06:29:56
Msg-id	A9F5079BABDEE646AEBDB6831725762C52B55BDAA0@EUEXCLU01.EU.NEC.COM Whole thread Raw
List	pgsql-hackers

Tree view

Sorry, I missed a permission check on invocation of trusted procedures.

When client's label getting switched to Y from X, we needed to check
process:transition permission between label X and label Y.
It is same manner when OS launches a program with a special label to
cause domain transition.

The attached patch adds checks this permission when user tries to
invoke a trusted procedure and switch security label of the client.
In addition, it also adds a case of regression test of this problem.

Thanks,
--
NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei <kohei.kaigai@eu.nec.com>

Attachment

sepgsql-fix-domain-transition.1.patch

pgsql-hackers by date:

From: Joseph Adams
Date: 05 April 2011, 05:11:44
Subject: Re: cast from integer to money

From: Vlad Arkhipov
Date: 05 April 2011, 07:24:48
Subject: Reading from a REFCURSOR in a C language function

[sepgsql] missing checks of process:transition on trusted procedure invocation - Mailing list pgsql-hackers

Attachment

Previous

Next