On 12/9/2010 8:46 AM, cto@xxxxxxxxxxxxxxxxxx wrote:
> Joshua,
>
> > Postgres is inherently trusted with its own objects, the kernel cannot mitigate that.
>
> Aha that's the point, daemons cannot be trusted, in case of DBMS it must be isolated anyway, (System Security wise)

I think that we can stop right here.

Patrick, you need to go read up on the composition of trusted systems. You also need to put a little time into learning about their history. There were almost as many Orange Book evaluations on multi-level secure databases as there were on operating systems. All of the evaluated operating systems, with the possible exception of SC/MP, made heavy use of trusted daemons. Applications that enforce system policy are an expected and important part of any security solution.

Patrick, the evidence is against your claims. Please have a look at the literature and come back if you have questions.

Thank you.