Re: Adding support for SE-Linux security - Mailing list pgsql-hackers
From | David P. Quigley |
---|---|
Subject | Re: Adding support for SE-Linux security |
Date | |
Msg-id | 1260284844.2484.49.camel@moss-terrapins.epoch.ncsc.mil |
In response to | Re: Adding support for SE-Linux security (Greg Smith <greg@2ndquadrant.com>) |
Responses | Re: Adding support for SE-Linux security |
List | pgsql-hackers |

On Mon, 2009-12-07 at 22:25 -0500, Greg Smith wrote:
> David P. Quigley wrote:
> > Not to start a flame war here about access control models but you gave 3
> > different examples one of which I don't think has any means to do
> > anything productive here.
> You won't be starting a flame war for the same reason some of the
> community members are so concerned about this patch. There aren't enough
> people familiar with this part of the security field within our database
> developer community to even be able to answer fairly basic questions
> like the one you just clarified. If you can help bring more qualified
> reviewers to bear on that, it would be extremely helpful. I even tried
> to organize a meetup between PostgreSQL hackers working in this area and
> the security people I knew around here (Baltimore/DC) last year, but
> just couldn't find any interested enough to show. Other than a brief
> visit on this list from some of the Tresys guys, we haven't seen much
> input here beyond that offered by the patch author, who's obviously
> qualified but at the end of the day is still only one opinion. He's also
> not in a good position to tell other people their ideas are misinformed
> either.
>

I can't make any guarantees on who I can drag to a meeting but if you wanted to try to organize another meeting between the Postgres people and some of us I can try to organize it on our end. One of my coworkers that does a lot of commenting on stuff like this is on leave at the moment but when he gets back I'll discuss it with him. I'll also talk with some of the other people in the area on our end to see what I can arrange. If you have any questions in the meantime feel free to ask. If there are any specific parts of the patch that you'd like discussed I can do that as well.

I do have to agree though that I'd rather see KaiGai's original security plugin framework go in and then merge a particular security module after that. From what I see it would require at least the hook framework and the label storage mechanism. I feel bad saying that knowing that KaiGai spent a lot of time ripping all of that out. However, if you are concerned about supporting more than just SELinux as a MAC model then the plugin framework he originally proposed is the better solution.

I'd be willing to take a look at the framework and see if it really is SELinux centric. If it is, we can figure out if there is a way to accommodate something like SMACK and FMAC. I'd like to hear from someone with more extensive experience with Solaris Trusted Extensions about how TX would make use of this. I have a feeling it would be similar to the way it deals with NFS, which is by having the process exist in the global zone as a privileged process and then multiplexes it to the remaining zones. That way their getpeercon would get a label derived from the zone.

Dave