Re: 8SEPostgres WAS: .4 release planning

Joshua Brindle <method@manicmethod.com>

From: Joshua Brindle <method@manicmethod.com>
To: Josh Berkus <josh@agliodbs.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, "Joshua D. Drake" <jd@commandprompt.com>, Robert Haas <robertmhaas@gmail.com>, Merlin Moncure <mmoncure@gmail.com>, "Jonah H. Harris" <jonah.harris@gmail.com>, Gregory Stark <stark@enterprisedb.com>, Simon Riggs <simon@2ndQuadrant.com>, Bruce Momjian <bruce@momjian.us>, Bernd Helmle <mailings@oopsware.de>, Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org, KaiGai Kohei <kaigai@kaigai.gr.jp>
Date: 2009-01-26T22:44:24Z
Lists: pgsql-hackers
Josh Berkus wrote:
> Joshua,
> 
>> So the security model has been looked at, though not the 
>> implementation and we do have a community of developers, users and 
>> customers interested in this work.
> 
> Can you please take a look at it ASAP, then?  In the next week, we will 
> probably decide on whether or not to defer SEPostgres until 8.5.  The 
> fact that we haven't gotten a sign-off from any security expert anywhere 
> is leaning the whole community towards "defer".
> 

Yes, I will look at them to the extent I am able. As I am not familiar with the 
postgresql codebase I won't be able to assert the correctness of the hook 
placement (that is, where the security functions are called with respect to the 
data they are protecting being accessed). The postgresql community should be 
more familiar with the hook call sites and hopefully can assist there.

I should be able to handle the security backend and determining whether it 
matches the security model we agreed on, but the hook placement is just as 
important since a misplaced or missing hook will allow access that should not be 
granted.

Joshua Brindle