[HACKERS] Updates of SE-PostgreSQL 8.4devel patches (r1710)

KaiGai Kohei Tue, 10 Mar 2009 21:10:23 -0700

Heikki, it is the list of updated patches:

http://sepgsql.googlecode.com/files/sepgsql-core-8.4devel-r1710.patch
http://sepgsql.googlecode.com/files/sepgsql-utils-8.4devel-r1710.patch
http://sepgsql.googlecode.com/files/sepgsql-policy-8.4devel-r1710.patch
http://sepgsql.googlecode.com/files/sepgsql-docs-8.4devel-r1710.patch
http://sepgsql.googlecode.com/files/sepgsql-tests-8.4devel-r1710.patch


- List of updates:
 * Permission checks on SET/SHOW were removed.
 * Add a new permission: db_database:{superuser}
   sepgsqlCheckDatabaseSuperuser() is invoked from superuser_arg()
   to check whether the clietn can perform as a superuser in this
   database, or not.
 * Permission checks on procedure installation is separated.
 * Permission checks on install/load C-libraries are separated.
 * Read file checks on pg_read_file() is added.

- Scale of patches:
 * r1710 (the latest revision)
   60 files changed, 3686 insertions(+), 10 deletions(-), 4952 modifications(!)
 * r1704 (previous revision)
   60 files changed, 4048 insertions(+), 11 deletions(-), 4944 modifications(!)

 ... about 300 lines were downsized.

- Remaining issue:
 * ACL_SELECT_FOR_UPDATE has same value with ACL_UPDATE, so SE-PostgreSQL
   checks db_table:{update} permission on SELECT ... FOR SHARE OF,
   instead of db_table:{lock} permission.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <[email protected]>

--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

[HACKERS] Updates of SE-PostgreSQL 8.4devel patches (r1710)

Reply via email to