Andrew Sullivan wrote:
In my vision, Apache assigns its contents handler an individual
security context based on HTTP authentication, source IP address
and so on just before web application invoked.
Because web applications works with individual least privilege set,
its accesses on filesystem are restricted by the security policy.
In a similar way, its accesses on databases are also restricted
via SE-PostgreSQL by same policy, by same privilege set.
I want to focus on this description, because you appear to be limiting
the problem scope tremendously here. We've moved from "general
security policy for database system" to "security policy for database
system as part of a web-application stack".
The "general security policy for database system" is an incorrect term.
SELinux does not cover database system only. It covers operating sytem
and application managing objects (like database object, X window, ...).
Thus, it should be talked as "general security policy for operating
system, database system and so on".
A web application stack is one of the most benefitical example.
Please consider what is contained within web-applications.
It accesses objects managed by operating system (like files),
objects managed by database system (like tables) concurrently,
but existing system does not alllow to manage them under a single
unified access control policy.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <[EMAIL PROTECTED]>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
