(2011/01/20 13:01), Robert Haas wrote: > 2011/1/19 KaiGai Kohei<kai...@ak.jp.nec.com>: >>> And how about adding a >>> ProcessUtility_hook to trap evil non-DML statements that some >>> nefarious user might issues? >>> >> It seems to me reasonable as long as the number of controlled command >> are limited. For example, LOAD command may be a candidate being >> controlled without exceptions. >> However, it will be a tough work, if the plug-in tries to parse and >> analyze supplied utility commands by itself. > > I think the key is to either accept or reject the command based on > very simple criteria - decide based only on the command type, and > ignore its parameters. > I can understand this idea, however, it is hard to implement this criteria, because SELinux describes all the rules as a relationship between a client and object using their label, so we cannot know what actions (typically represented in command tag) are allowed or denied without resolving their object names.
>> I uploaded my draft here. >> http://wiki.postgresql.org/wiki/SEPostgreSQL_Documentation >> >> If reasonable, I'll move them into *.sgml style. > > I have yet to review that, but will try to get to it before too much > more time goes by. > OK, I try to translate it into *.sgml format. >> I may want to simplify the step to installation using an installer >> script. > > OK, but let's get this nailed down as soon as possible. Tempus fugit. > I like to give my higher priority on the ProcessUtility_hook, rather than installation script. Thanks, -- KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
