From: Joshua Brindle <method@manicmethod.com>
To: Kohei KaiGai <kaigai@ak.jp.nec.com>
Cc: "Christopher J. PeBenito" <cpebenito@tresys.com>, selinux@tycho.nsa.gov
Subject: Re: [PATCH] SE-PostgreSQL Security Policy
Date: Thu, 06 Mar 2008 13:51:41 -0500	[thread overview]
Message-ID: <47D03D3D.8060307@manicmethod.com> (raw)
In-Reply-To: <1204817238.3994.59.camel@gorn.columbia.tresys.com>

Christopher J. PeBenito wrote:
> On Wed, 2008-02-27 at 17:00 +0900, Kohei KaiGai wrote:
>   
>> The attached patch provides security policies related to
>> SE-PostgreSQL.
>>
>> The following are the updates/unchanged parts compared to the previous
>> version submitted two weeks ago. These updates replaced most of the
>> previous one.
>>
>> - The targets of this patch are moved to services/postgresql.*,
>>    although the previous one added new entries.
>>     
>
>   
>> +tunable_policy(`sepgsql_enable_auditallow',`
>> +       auditallow domain sepgsql_database_type  : db_database all_db_database_perms;
>> +       auditallow domain sepgsql_table_type     : db_table all_db_table_perms;
>> +       auditallow domain sepgsql_table_type     : db_column all_db_column_perms;
>> +       auditallow domain sepgsql_procedure_type : db_procedure all_db_procedure_perms;
>> +       auditallow domain sepgsql_blob_type      : db_blob all_db_blob_perms;
>> +       auditallow domain sepgsql_server_type    : db_blob { import export };
>> +       auditallow domain sepgsql_module_type    : db_database { install_module };
>> +')
>>     
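Review bot: the last two auditallow lines pair a type attribute with an object class that the rest of the block does not use for it: `auditallow domain sepgsql_server_type : db_blob { import export };` and `auditallow domain sepgsql_module_type : db_database { install_module };`. Every other line audits the class of the object the attribute labels (sepgsql_table_type with db_table, sepgsql_blob_type with db_blob), so either the target on these two lines should be the blob/database type, or the class should match what the server and module types actually label; if the pairing is deliberate, a comment on each line explaining it would avoid the confusion. The db_column line likewise uses sepgsql_table_type as its target with no column attribute anywhere in the block; if columns share the table's type, that assumption deserves a comment too.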


A couple of questions about the install_module and load_module permissions. 
First, they seem here to be referring to sepgsql_module_type as the object, 
which currently are lib_t and textrel_shlib_t, file types. So the object 
class of db_database seems to be inaccurate.

Also, after looking at the code I don't see why install_module and 
load_module need to be different permissions; granted, they are a 
privileged operation, but why not collapse them into a single access vector?

Also, why are blobs a separate object class? How is it a privileged 
operation to use blobs in a table? As far as reading and writing them 
they should be treated like any other column, shouldn't they?

And one more question. I see you have a type transition for 
sepgsql_proc_t but I never saw sepgsql_proc_t as the subject of any 
rules, which I don't understand. The hooks appear to always use the 
client_sid as the subject but for stored procedures to be useful they 
may need to access data that the client wouldn't be able to, or did I 
miss something?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
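As an added illustration of the type/class consistency question raised in this message (this is not code from the thread or from the SE-PostgreSQL project), the lint below parses the quoted auditallow block and flags target type attributes whose object class is not one they are expected to carry. EXPECTED_CLASSES is an assumed mapping for illustration only, with columns assumed to share the table's type; the policy text is the block quoted above, embedded as a constructed sample.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: the auditallow block quoted in the thread, as plain text.
POLICY = """
tunable_policy(`sepgsql_enable_auditallow',`
       auditallow domain sepgsql_database_type  : db_database all_db_database_perms;
       auditallow domain sepgsql_table_type     : db_table all_db_table_perms;
       auditallow domain sepgsql_table_type     : db_column all_db_column_perms;
       auditallow domain sepgsql_procedure_type : db_procedure all_db_procedure_perms;
       auditallow domain sepgsql_blob_type      : db_blob all_db_blob_perms;
       auditallow domain sepgsql_server_type    : db_blob { import export };
       auditallow domain sepgsql_module_type    : db_database { install_module };
')
"""

# Assumed mapping (illustration only): the object classes each SE-PostgreSQL
# type attribute is expected to be the target of. Columns are assumed to carry
# the table's type; every other attribute maps to the class it is named after.
EXPECTED_CLASSES: Dict[str, Set[str]] = {
    "sepgsql_database_type": {"db_database"},
    "sepgsql_table_type": {"db_table", "db_column"},
    "sepgsql_procedure_type": {"db_procedure"},
    "sepgsql_blob_type": {"db_blob"},
}

# One access-vector rule: kind source target : class perms ;
RULE_RE = re.compile(
    r"^\s*(allow|auditallow|dontaudit)\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(\{[^}]*\}|\S+)\s*;"
)


def parse_rules(text: str) -> List[Tuple[str, str, str, str, List[str]]]:
    """Return (kind, source, target, class, perms) for each AV rule line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # m4 wrapper lines and blanks are not rules
        kind, src, tgt, cls, perms = m.groups()
        rules.append((kind, src, tgt, cls, perms.strip("{} ").split()))
    return rules


def find_class_mismatches(text: str) -> List[Tuple[str, str]]:
    """Target types paired with a class they are not expected to carry."""
    bad = []
    for _, _, tgt, cls, _ in parse_rules(text):
        expected = EXPECTED_CLASSES.get(tgt)
        if expected is None or cls not in expected:
            bad.append((tgt, cls))
    return bad
```

Running find_class_mismatches(POLICY) reports the server and module lines, the same two rules whose object class the message questions.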
