From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Joshua Brindle <jbrindle@tresys.com>,
casey@schaufler-ca.com, russell@coker.com.au,
selinux@tycho.nsa.gov,
"Christopher J. PeBenito" <cpebenito@tresys.com>
Subject: Re: [ANN] SE-PostgreSQL 8.2.3-1.0 alpha release
Date: Thu, 08 Mar 2007 23:34:03 +0900 [thread overview]
Message-ID: <45F01EDB.6050507@kaigai.gr.jp> (raw)
In-Reply-To: <1173360342.10467.25.camel@moss-spartans.epoch.ncsc.mil>
Stephen Smalley wrote:
> On Thu, 2007-03-08 at 22:12 +0900, KaiGai Kohei wrote:
>> Joshua Brindle wrote:
>>> Casey Schaufler wrote:
>>>> --- KaiGai Kohei <kaigai@kaigai.gr.jp> wrote:
>>>>
>>>>
>>>>
>>>>> I think unique identification for all tuples are
>>>>> difficult, because we can
>>>>> create a table without Oid (object id) or primary
>>>>> key to identify a tuple
>>>>> from outside of the table...
>>>>>
>>>>> BTW, the string representations of security contexts
>>>>> are stored in a separate
>>>>> table named as 'pg_selinux', defined with Oid (which
>>>>> have 4-byte length).
>>>>> In SE-PostgreSQL, any tuples have Oid of pg_selinux
>>>>> as a security context.
>>>>> Thus, storage consumption is limited.
>>>>>
>>>> How does this method compare to the schemes
>>>> used in the Oracle evaluated MLS DBMS?
>>>>
>>>>
>>> IIRC Oracle basically has polyinstanciated tables (using views) to
>>> implement MLS, which gives far less granularity and doesn't allow for
>>> labeled rows or columns. KaiGai's work leverages all the security models
>>> SELinux can use to allow for flexible policies. The technical decision
>>> to use another table to store the oid of the context seems appropriate,
>>> since that is how rdbms's operate in general.
>> I think the biggest difference is whether RDBMS utilizes the security
>> functionalities of operating system, or not.
>>
>> For example, SE-PostgreSQL obtains the security context of the client via
>> getpeercon(), and makes a decision with the security policy.
>> It enables to ensure a process with lower clearance cannot access secret
>> data, even if it is stored in database.
>
> You also should be leveraging the OS in protecting SE-PostgreSQL from
> interference by the client and ensuring that it is unbypassable for
> accessing the database. Are you just using the stock postgresql domain
> in the refpolicy at present? Any analysis of that domain and whether it
> meets your needs adequately? (side bar: it seems to have a lot of
> capabilities presently)
The security policy included in sepostgresql rpm package uses stock
postgresql_t domin in the refpolicy, almost as is.
I have not analyzed them yet.
Indeed, we should pay more attention for accessing the database
files directly.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
prev parent reply other threads:[~2007-03-08 14:34 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-05 12:29 [ANN] SE-PostgreSQL 8.2.3-1.0 alpha release KaiGai Kohei
2007-03-05 14:41 ` KaiGai Kohei
2007-03-07 16:17 ` Christopher J. PeBenito
2007-03-08 13:33 ` KaiGai Kohei
2007-03-08 13:33 ` Stephen Smalley
2007-03-08 14:50 ` KaiGai Kohei
2007-03-08 15:00 ` Stephen Smalley
2007-03-08 15:21 ` Joshua Brindle
2007-03-08 15:23 ` Joshua Brindle
2007-03-08 15:30 ` Stephen Smalley
2007-03-08 16:24 ` Eamon Walsh
2007-03-08 20:23 ` Stephen Smalley
2007-03-09 15:25 ` KaiGai Kohei
2007-03-09 16:37 ` Stephen Smalley
2007-03-12 17:10 ` Eamon Walsh
2007-03-12 17:50 ` Stephen Smalley
2007-03-08 17:30 ` Solaris 10 w/ Trusted Extensions vs SE Linux Comparison Fletcher, Boyd C. CIV US USJFCOM JFL J9935
2007-03-08 18:39 ` Fletcher, Boyd C. CIV US USJFCOM JFL J9935
2007-03-29 15:57 ` Karl MacMillan
2007-03-06 9:34 ` [ANN] SE-PostgreSQL 8.2.3-1.0 alpha release Russell Coker
2007-03-06 19:05 ` KaiGai Kohei
2007-03-06 19:17 ` Stephen Smalley
2007-03-06 22:36 ` Russell Coker
2007-03-07 14:01 ` KaiGai Kohei
2007-03-07 13:17 ` KaiGai Kohei
2007-03-07 14:58 ` Casey Schaufler
2007-03-07 15:58 ` James W. Hoeft
2007-03-07 16:01 ` Joshua Brindle
2007-03-08 13:12 ` KaiGai Kohei
2007-03-08 13:25 ` Stephen Smalley
2007-03-08 14:34 ` KaiGai Kohei [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45F01EDB.6050507@kaigai.gr.jp \
--to=kaigai@kaigai.gr.jp \
--cc=casey@schaufler-ca.com \
--cc=cpebenito@tresys.com \
--cc=jbrindle@tresys.com \
--cc=russell@coker.com.au \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.