Heikki, it is the list of updated patches:
http://sepgsql.googlecode.com/files/sepgsql-core-8.4devel-r1710.patch
http://sepgsql.googlecode.com/files/sepgsql-utils-8.4devel-r1710.patch
http://sepgsql.googlecode.com/files/sepgsql-policy-8.4devel-r1710.patch
http://sepgsql.googlecode.com/files/sepgsql-docs-8.4devel-r1710.patch
http://sepgsql.googlecode.com/files/sepgsql-tests-8.4devel-r1710.patch
- List of updates:
* Permission checks on SET/SHOW were removed.
* Add a new permission: db_database:{superuser}
sepgsqlCheckDatabaseSuperuser() is invoked from superuser_arg()
to check whether the clietn can perform as a superuser in this
database, or not.
* Permission checks on procedure installation is separated.
* Permission checks on install/load C-libraries are separated.
* Read file checks on pg_read_file() is added.
- Scale of patches:
* r1710 (the latest revision)
60 files changed, 3686 insertions(+), 10 deletions(-), 4952 modifications(!)
* r1704 (previous revision)
60 files changed, 4048 insertions(+), 11 deletions(-), 4944 modifications(!)
... about 300 lines were downsized.
- Remaining issue:
* ACL_SELECT_FOR_UPDATE has same value with ACL_UPDATE, so SE-PostgreSQL
checks db_table:{update} permission on SELECT ... FOR SHARE OF,
instead of db_table:{lock} permission.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
