In yesterday's development meeting, we talked about the possibility of a basic SE-PostgreSQL implementation that checks permissions only for DML. Greg Smith offered the opinion that this could provide much of the benefit of SE-PostgreSQL for many users, while being much simpler. In fact, SE-PostgreSQL would need to get control in just one place: ExecCheckRTPerms. This morning, Stephen Frost and I worked up a quick patch showing how we could add a hook here to let a hypothetical SE-PostgreSQL module get control in the relevant place. The attached patch also includes a toy contrib module showing how it could be used to enforce arbitrary security policy.
I don't think that this by itself would be quite enough framework for a minimal SE-PostgreSQL implementation - for that, you'd probably need an object-labeling facility in core which SE-PostgreSQL could leverage - or else some other way to determine the label associated with a given object - but I think that plus this would be enough.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company
executor_check_perms.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
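
An added illustration of the hook pattern this message describes, not code from the attached patch or from PostgreSQL: a stand-alone C model in which the one permission-check routine calls an optional function pointer that a loaded module installs. All names here (RelAccess, check_perms_hook, check_rt_perms, toy_policy, the audit_log table) are hypothetical, and the built-in ACL check is assumed to allow everything.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum { PERM_SELECT = 1, PERM_INSERT = 2, PERM_UPDATE = 4, PERM_DELETE = 8 };

/* Hypothetical stand-in for a range-table entry: a relation a DML statement touches. */
typedef struct { const char *relname; unsigned required_perms; } RelAccess;

/* Hook a loadable module may set; NULL means no module is loaded. */
typedef bool (*check_perms_hook_type)(const RelAccess *rels, size_t n);
static check_perms_hook_type check_perms_hook = NULL;
static check_perms_hook_type prev_hook = NULL;   /* hook that was set before ours */

/* Model of the single choke point every DML statement passes through. */
bool check_rt_perms(const RelAccess *rels, size_t n)
{
    /* The built-in ACL checks would run here; this model assumes they pass. */
    return check_perms_hook == NULL || check_perms_hook(rels, n);
}

/* Toy policy module (constructed): "audit_log" may not be updated or deleted from. */
static bool toy_policy(const RelAccess *rels, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(rels[i].relname, "audit_log") == 0 &&
            (rels[i].required_perms & (PERM_UPDATE | PERM_DELETE)))
            return false;
    return prev_hook == NULL || prev_hook(rels, n);  /* chain to earlier modules */
}

void toy_module_init(void)
{
    if (check_perms_hook == toy_policy)
        return;                      /* already installed; never chain to ourselves */
    prev_hook = check_perms_hook;
    check_perms_hook = toy_policy;
}

/* Would a statement needing `perms` on relation `rel` pass the check? */
bool query_allowed(const char *rel, unsigned perms)
{
    RelAccess r = { rel, perms };
    return check_rt_perms(&r, 1);
}

int main(void)
{
    toy_module_init();
    return query_allowed("audit_log", PERM_DELETE) ? 1 : 0;  /* exit 0 when denied */
}
```

Because the module saves and calls the previous hook value, several policy modules can stack on the same check, and any one of them can deny the statement.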