selinux December 2010 archive
selinux: Re: Recent status of SE-PostgreSQL

From: Ted Toth <txtoth_at_nospam>
Date: Wed Dec 08 2010 - 15:29:55 GMT
To: KaiGai Kohei <kaigai@ak.jp.nec.com>

Thanks for the update. Questions inline.

2010/12/7 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> I'd like to report the recent status of SE-PostgreSQL development,
> since I guess only a few people subscribe to the pgsql-hackers list.
>
> Now, the pgsql community is working on new features for the upcoming
> v9.1 release. Although we have not reached the feature freeze yet,
> several fundamental features to support selinux are already merged,
> and these shall be released within the v9.1 release.
>
> The v9.1 of pgsql shall support label-based mandatory access control
> by external security providers.
> The external security provider is a similar concept to LSM.
> It allows plugin modules to make access control decisions based on
> their access control model, such as SELinux, and the core pgsql calls
> the modules via security hooks.
>
> So, SE-PostgreSQL is now implemented as a plugin module of pgsql.
>
> Anyway, the upcoming v9.1 shall provide a mechanism to assign
> security labels to database objects and security hooks at various
> strategic points (but not comprehensive yet).

Could you expand upon exactly what you mean here? Since this is not
'comprehensive' does that imply potential vulnerabilities?

>
> We will be able to assign a security label using the SECURITY LABEL
> statement in SQL (original enhancement of pgsql) by hand.
> It allows us to assign a certain label on a certain database
> object. The given label is validated by plugin modules, then
> stored within system catalogs.
> In addition, the post-object-creation hook enables assigning a default
> security label to the new database object at creation time.
>
> Here are other new hooks: the 'ExecutorCheckPerms' hook enables
> making access control decisions on DML statements (SELECT, UPDATE,
> INSERT and DELETE), the 'ClientAuthentication' hook enables
> obtaining the security label of the peer process using getpeercon(3)
> at the beginning of the session, and the 'object_access' hook will
> enable handling DDL permissions, but not comprehensively yet.
>
> I expect limited functionality will be available in
> v9.1 of PostgreSQL. It will be far from production level,
> but a great step towards the full features.
>
> v9.1 will have its feature freeze on the 15-Jun, then it may be
> released half a year later. At the same time, the merge window for
> v9.2 will open. So, I'll upstream the rest of the features, such as
> comprehensive DDL permissions, row-level access controls and so on.
>
> Thanks,
> --
> KaiGai Kohei <kaigai@ak.jp.nec.com>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>

Ted
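
The SECURITY LABEL statement and label catalog described in the quoted message, as an added example that is not part of the original thread. It assumes the `sepgsql` module as later shipped with PostgreSQL 9.1, registered under the `selinux` label provider on an SELinux-enabled host; the table `customer` and its columns are hypothetical.

```sql
-- Added example, not from the thread. Table and column names are hypothetical.
-- Assumes postgresql.conf has shared_preload_libraries = 'sepgsql'.

-- Security label of the client, taken from the peer process at session start
-- (the ClientAuthentication hook path described in the message).
SELECT sepgsql_getcon();

-- On creation, the post-creation hook assigns a default label to the
-- new table and to each of its columns.
CREATE TABLE customer (
    cid     integer PRIMARY KEY,
    cname   text,
    credit  text
);

-- Relabel one column by hand. The label provider validates the string
-- before it is stored; a label it does not accept makes the statement fail.
SECURITY LABEL FOR selinux ON COLUMN customer.credit
    IS 'system_u:object_r:sepgsql_secret_table_t:s0';

-- Labels are kept in the pg_seclabel system catalog; the pg_seclabels
-- view shows them in readable form, one row per labelled object.
SELECT objtype, objname, provider, label
  FROM pg_seclabels
 WHERE provider = 'selinux'
   AND objname LIKE '%customer%'
 ORDER BY objtype, objname;
```

Comparing the `label` column for `credit` against the other columns shows which objects still carry the default label and which were relabelled explicitly.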
