On Thu, May 20, 2010 at 12:32 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Robert Haas <robertmh...@gmail.com> writes: >> In yesterday's development meeting, we talked about the possibility of >> a basic SE-PostgreSQL implementation that checks permissions only for >> DML. Greg Smith offered the opinion that this could provide much of >> the benefit of SE-PostgreSQL for many users, while being much simpler. >> In fact, SE-PostgreSQL would need to get control in just one place: >> ExecCheckRTPerms. This morning, Stephen Frost and I worked up a quick >> patch showing how we could add a hook here to let a hypothetical >> SE-PostgreSQL module get control in the relevant place. The attached >> patch also includes a toy contrib module showing how it could be used >> to enforce arbitrary security policy. > > Hm, I think you need to ignore RT entries that have no requiredPerms > bits set. (Not that it matters too much, unless you were proposing to > actually commit this contrib module.)
Well, that's an easy change - just out of curiosity, how do we end up with RT entries with no requiredPerm bits set? As for committing it, I would definitely like to commit the actual hook. If we want the hook without the contrib module that's OK with me, although I generally feel it's useful to have examples of how hooks can be used, which is why I took the time to produce a working example. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise Postgres Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
