Thread

  1. [PATCH] Cleanup existing PG privileges - database, schema

    Kouhei Kaigai <kaigai@ak.jp.nec.com> — 2009-12-16T05:58:32Z

    The attached patch is a draft for the discussion.
    
    It cleans up the existing PG privileges checks related to databases
    and schemas, and consolidates points where it applies privileges
    checks as a groundwork for the upcoming security framework.
    
    We have tried a few approaches to implement SE-PgSQL for this year,
    however, it has a bit high hurdle to join development, because it
    tried to separate features unless it loses something useful.
    It naturally holds two parts within a patch. The one is modification
    to the core routines. The other is selinux specific code.
    The selinux-specific part was hurdle for pgsql-folks, and the core
    pgsql part was hurdle for selinux-folks.
    
    Under the CF#3, we had a fruitful discussion, especially BWPUG
    meeting. Again, Stephen Frost suggested to start the development
    from a common security framework for both of security models.
    
    http://wiki.postgresql.org/wiki/SEPostgreSQL_Review_at_the_BWPUG#PostgreSQL_security_check_cleanup
    
    It allows us to focus on the pure pgsql part, without any selinux
    specific part at the moment.
    
    In the CF#2, I tried to rework anything with a single patch, but this
    approach was wrong, too large. So, I'll try to separate the changeset
    smaller, per object class basis.
    
    This patch is a groundwork before the security framework.
    The existing PG checks requires multiple permission checks in separate
    places for a single operation, but it makes harder to replace these
    inlined permission checks by security hooks.
    It tries to consolidate multiple separate permission checks into same
    place for database and schema, as a discussion draft.
    
    * LookupCreationNamespace
     It checks CREATE permission on the reuiqred schema, when ALTER with
     SCHEMA TO option. It will be consolidated to check_*_alter_schema()
     hooks, so I removed this check and moved to the caller.
    
    * createdb movedb
     It repeats name resolve and permission checks if necessary.
     So, I consolidate permission checks in a same place.
    
    $ diffstat pgsql-01-ground-work-8.5devel-r2486.patch
     catalog/namespace.c     |   11 --!!!
     commands/dbcommands.c   |   89 ++++++++++++++++++++++++--------------------!!!
     commands/functioncmds.c |   11 ++++!
     commands/tablecmds.c    |   11 ++++!
     commands/typecmds.c     |   11 ++++!
     5 files changed, 72 insertions(+), 43 deletions(-), 18 modifications(!)
    
    Thanks,
    -- 
    OSS Platform Development Division, NEC
    KaiGai Kohei <kaigai@ak.jp.nec.com>