Tom Lane wrote:
> Ron Mayer <rm...@cheapcomplexdevices.com> writes:
>> As far as I can tell, the community feels interested in the
>> feature set; but relatively unable to contribute since none
>> of the people have that much of a security background. It
>> seems the best way to fix that would be to get more people
>> with a security background more involved.
>
> It's experience with the Postgres code base that I'm worried about.
> I don't question KaiGai-san's security background; I do doubt that
> he knows where all the skeletons are buried in the PG backend.
> A couple of very recent examples of that: his patch to fix a problem
> with inheritance of column privileges was approximately the right thing,
> but inefficiently duplicated the functionality of nearby code:
> http://archives.postgresql.org/pgsql-hackers/2009-03/msg00196.php
> and it didn't take Heikki long at all to note an oversight in the part
> of the latest sepostgres patch that attempted to confine superusers'
> file read/write abilities:
> http://archives.postgresql.org/pgsql-hackers/2009-03/msg00446.php

Indeed, I have less than three years' experience of development in the
PostgreSQL backend. However, I don't believe it is a productive discussion
to point out such kind of failures. At least, I think it is worthwhile
to report bugs/submit patches much more than keeping silent with being
afraid of failures. If submitted patches are still not elegant enough,
we can fix and improve them via discussions.

> More generally, there's been no discussion or community buy-in on
> design questions such as whether the patch should even try to confine
> superusers on such a fine-grained basis. (I agree with Heikki's
> thought that this may be a lost cause given our historical design
> assumption that superusers can do anything.)
>
> So I remain strongly of the opinion that what this patch lacks is
> review from longtime PG hackers. It's not the security community
> that is missing from the equation.

Two months ago, I agreed to postpone some of the features especially hot
in discussion, to reduce the scale of patches and burden of reviewers
on the v8.4 development phase. In addition, I also reduced more than
1,000 lines as Heikki suggested. Its purpose is to focus the points
to be discussed.

I would like to have a productive discussion.

--
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>