Home > mailing lists

Re: [sepgsql] missing checks of process:transition on trusted procedure invocation - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: [sepgsql] missing checks of process:transition on trusted procedure invocation
Date	April 4, 2011 17:26:22
Msg-id	BANLkTikMyhv+0meGGoBWravO_VhOM9QJew@mail.gmail.com Whole thread Raw
List	pgsql-hackers

Tree view

On Mon, Apr 4, 2011 at 11:01 AM, Kohei Kaigai <Kohei.Kaigai@eu.nec.com> wrote:
> Sorry, I missed a permission check on invocation of trusted procedures.
>
> When client's label getting switched to Y from X, we needed to check
> process:transition permission between label X and label Y.
> It is same manner when OS launches a program with a special label to
> cause domain transition.
>
> The attached patch adds checks this permission when user tries to
> invoke a trusted procedure and switch security label of the client.
> In addition, it also adds a case of regression test of this problem.

Committed.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Robert Haas
Date: 04 April 2011, 17:24:23
Subject: Re: trivial patch: show SIREAD pids in pg_locks

From: Susanne Ebrecht
Date: 04 April 2011, 17:27:14
Subject: Re: [DOCS] Uppercase SGML entity declarations

Re: [sepgsql] missing checks of process:transition on trusted procedure invocation - Mailing list pgsql-hackers

Previous

Next