Thanks Joshua and Casey
Joshua, I accept that Thank you ( I expressed that I was asking from
practical perspective for now )
especially thank you Mr. KaiGai, I didn't want to criticize actually,
sometimes I stick too much to the regulations and see everything from
applied part of the spectrum, I respect you and your works, Keep up the
good works,
Best Regards,
Patrick K.
On 12/9/2010 3:07 PM, Joshua Brindle wrote:
The answer is that there have been a few iterations of "the whole nine
yards" wrt MAC on Postgres. The upstream developers were never
interested in reviewing a patch that large or intrusive and finally a
compromise was struck to begin merging parts that are less intrusive
while making improvements to the entire codebase and preparing to
integrate more access control.
If you don't believe me go read both this list and the pgsql-hackers
list, there should be about 2000 emails of interest.
So it may not meet your needs today, but it is a very important step and
a long time coming.
cto@xxxxxxxxxxxxxxxxxx wrote:
Casey,
The problem is you just stuck to one part of the argument and do not
see the
broad picture,
I never claimed anything ( here at least ), I just asked what is the
practical
purpose of SE-PostgreSQL and it had one line answer,
"creating trusted DBMS daemon", and I see that
and of course nobody claims that the SE-PostgreSQL is a done project
so one has to wait until SE-PostgreSQL reaches the point,
I told it is possible to put databases on separate systems by
classification,
NOT SUCH a BIG DEAL, (while maintaining other forms of security measure
including filesystem encryption and etc.)
THIS IS ACTUALLY BEING UTILIZED as I'm aware of
and there are Trusted Daemons nobody says there is no trusted daemon,
The point is right now I think PostgreSQL is not qualified as a
trusted daemon
but even right now you can use something like that in isolation, without
combining classifications
SO THIS IS MY QUESTION NOW:
I would be very glad if anybody provides any documentation that
PostgreSQL is
currently treated as trusted daemon,
and thanks for your recommendation,
With all due respect to everybody especially KaiGai,
Let me clear that out, there is no objection of any kind on
development of
something, but what you claimed are not available at Postgres right
now, and
there are so many missing parts not just access control, and the point
that it
is being acceptable as trusted system is just a goal
Best Regards,
Patrick K.
On 12/9/2010 12:47 PM, Casey Schaufler wrote:
On 12/9/2010 8:46 AM, cto@xxxxxxxxxxxxxxxxxx wrote:
Joshua,
Postgres is inherently trusted with it's own objects, the kernel
cannot
mitigate that.
Aha that's the point, daemons cannot be trusted, in case of DBMS it
must be
isolated anyway, (System Security wise)
I think that we can stop right here. Patrick, you need to go read up
on the composition of trusted systems. You also need to put a little
time into learning about their history. There were almost as many
Orange Book evaluations on multi-level secure databases as there were
on operating systems. All of the evaluated operating systems, with
the possible exception of SC/MP, made heavy use of trusted daemons.
Applications that enforce system policy are an expected and important
part of any security solution.
Patrick, the evidence is against your claims. Please have a look at
the literature and come back if you have questions.
Thank you.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to
majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx
with
the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
