On 11/05/2013 10:01 PM, Stephen Frost wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
>> Now maybe that's fine. But given that, I think it's pretty
>> important that we get the syntax right. Because if you're adding
>> a feature primarily to add a more convenient syntax, then the
>> syntax had better actually be convenient.
>
> I agree that we want to get the syntax correct, but also very clear
> as it's security related and we don't want anyone surprised by what
> happens when they use it. The idea, as has been discussed in the
> past, is to then allow tying RLS in with SELinux and provide MAC.

That was my impression also. To help get closer to that point, since you were involved in the work on auto-updatable views: any hints on what might be needed to tackle making security barrier views updatable?

There's a fun little wrinkle with MAC, by the way: functional indexes. We can't allow the creation of a functional index, even by the table owner, if it uses any non-LEAKPROOF operators and functions. Otherwise the user can write a function to leak the rows, then create an index using that function.

That's not a problem for the current phase of RLS because the table owner is allowed to remove the RLS constraint directly. They can also add triggers that might leak rows via CASCADEs, etc.

When MAC comes into the picture we'll need to impose limits on triggers and functional indexes added to rows.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
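
The functional-index concern raised in the message above can be checked from the system catalogs. The query below is an added example, not part of the original email or of PostgreSQL's own code: it lists indexes whose expressions or predicates depend on functions, or on operators backed by functions, that are not marked LEAKPROOF. It relies on pg_depend, which does not record dependencies on built-in (pinned) objects, so only user-defined functions and operators are reported.

```sql
-- Added example: audit indexes that call non-LEAKPROOF user-defined code.
WITH index_funcs AS (
    -- Functions referenced directly by an index expression or predicate.
    SELECT d.objid AS indexrelid, d.refobjid AS funcid
    FROM pg_depend d
    WHERE d.classid = 'pg_class'::regclass
      AND d.refclassid = 'pg_proc'::regclass
    UNION
    -- Functions reached through a user-defined operator used in the index.
    SELECT d.objid AS indexrelid, o.oprcode::oid AS funcid
    FROM pg_depend d
    JOIN pg_operator o ON o.oid = d.refobjid
    WHERE d.classid = 'pg_class'::regclass
      AND d.refclassid = 'pg_operator'::regclass
)
SELECT i.indrelid::regclass          AS table_name,
       i.indexrelid::regclass        AS index_name,
       p.oid::regprocedure           AS non_leakproof_function,
       pg_get_userbyid(p.proowner)   AS function_owner,
       pg_get_indexdef(i.indexrelid) AS index_definition
FROM pg_index i
JOIN index_funcs f ON f.indexrelid = i.indexrelid  -- keeps only index objects
JOIN pg_proc p     ON p.oid = f.funcid
WHERE NOT p.proleakproof
ORDER BY table_name, index_name;
```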