Re: [GENERAL] Data Packaging/Data Unpacking

[Kevin Grittner]

On Wed, Jan 13, 2016 at 2:57 PM, oleg yusim  wrote:

> Say, I got network package. The package was decrypted by OpenSSL. Where this
> data are, physically, at this moment?

Process-local memory for the PostgreSQL backend process associated
with the database connection.

> Opposite situation: we are about to send results of SELECT statement over
> the OpenSSL tunnel. Where are the data, physically, between the moment DB
> engine returned results for my query and moment the package was encrypted by
> OpenSSL?

Process-local memory for the PostgreSQL backend process associated
with the database connection.

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Re: [GENERAL] Data Packaging/Data Unpacking

[Kevin Grittner]

On Tue, Jan 12, 2016 at 10:00 PM, oleg yusim  wrote:

> Important: let's assume data at rest is encrypted using EFS and data at
> transit is encrypted using ciphers, provided by OpenSSL.
>
> So, with that in mind, please, help me to understand movement and location
> of the data between the moment when it is pulled from file system and
> encrypted as network package going through the SSL tunnel.
>
> And reversing it - between the moment network package arrived through the
> SSL tunnel is decrypted and the moment its content is placed into the file
> system.

At all times the data is present only in files owned by the OS user
which runs the database server or in RAM allocated to processes run
by that user.  Files and RAM are freed without overwrite; we count
on the OS to not gratuitously show the old values to processes
making new allocations.

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Re: [GENERAL] Data Packaging/Data Unpacking

[oleg yusim]

Kevin,

Thank you for your reply. I understand what you are saying, but I guess I
need a bit deeper understanding for my assessment. Let's dive a bit here:

Say, I got network package. The package was decrypted by OpenSSL. Where
this data are, physically, at this moment?

Opposite situation: we are about to send results of SELECT statement over
the OpenSSL tunnel. Where are the data, physically, between the moment DB
engine returned results for my query and moment the package was encrypted
by OpenSSL?

Thanks,

Oleg

On Wed, Jan 13, 2016 at 2:46 PM, Kevin Grittner  wrote:

> On Tue, Jan 12, 2016 at 10:00 PM, oleg yusim  wrote:
>
> > Important: let's assume data at rest is encrypted using EFS and data at
> > transit is encrypted using ciphers, provided by OpenSSL.
> >
> > So, with that in mind, please, help me to understand movement and
> location
> > of the data between the moment when it is pulled from file system and
> > encrypted as network package going through the SSL tunnel.
> >
> > And reversing it - between the moment network package arrived through the
> > SSL tunnel is decrypted and the moment its content is placed into the
> file
> > system.
>
> At all times the data is present only in files owned by the OS user
> which runs the database server or in RAM allocated to processes run
> by that user.  Files and RAM are freed without overwrite; we count
> on the OS to not gratuitously show the old values to processes
> making new allocations.
>
> --
> Kevin Grittner
> EDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>

Re: [GENERAL] Data Packaging/Data Unpacking

[David G. Johnston]

On Wed, Jan 13, 2016 at 2:19 PM, Kevin Grittner  wrote:

> On Wed, Jan 13, 2016 at 2:57 PM, oleg yusim  wrote:
>
> > Say, I got network package. The package was decrypted by OpenSSL. Where
> this
> > data are, physically, at this moment?
>
> Process-local memory for the PostgreSQL backend process associated
> with the database connection.
>
> > Opposite situation: we are about to send results of SELECT statement over
> > the OpenSSL tunnel. Where are the data, physically, between the moment DB
> > engine returned results for my query and moment the package was
> encrypted by
> > OpenSSL?
>
> Process-local memory for the PostgreSQL backend process associated
> with the database connection.
>

​In other words (?) while OpenSSL may be a separate project the method of
its use involves loading all relevant code into the process space​

​of PostgreSQL - specifically the process that was forked when the SSL
client connection was established.

David J.​

Re: [GENERAL] Data Packaging/Data Unpacking

[oleg yusim]

OK, Kevin, David,

Thanks you very much for explanation. Now who is the owner of this process?
My understanding is, data then located physically in RAM, in the memory
stack assigned by OS to this process. Now the question is who owns the
process?

Thanks,

Oleg

On Wed, Jan 13, 2016 at 3:29 PM, David G. Johnston <
david.g.johns...@gmail.com> wrote:

> On Wed, Jan 13, 2016 at 2:19 PM, Kevin Grittner  wrote:
>
>> On Wed, Jan 13, 2016 at 2:57 PM, oleg yusim  wrote:
>>
>> > Say, I got network package. The package was decrypted by OpenSSL. Where
>> this
>> > data are, physically, at this moment?
>>
>> Process-local memory for the PostgreSQL backend process associated
>> with the database connection.
>>
>> > Opposite situation: we are about to send results of SELECT statement
>> over
>> > the OpenSSL tunnel. Where are the data, physically, between the moment
>> DB
>> > engine returned results for my query and moment the package was
>> encrypted by
>> > OpenSSL?
>>
>> Process-local memory for the PostgreSQL backend process associated
>> with the database connection.
>>
>
> ​In other words (?) while OpenSSL may be a separate project the method of
> its use involves loading all relevant code into the process space​
>
> ​of PostgreSQL - specifically the process that was forked when the SSL
> client connection was established.
>
> David J.​
>

Re: [GENERAL] Data Packaging/Data Unpacking

[Kevin Grittner]

On Wed, Jan 13, 2016 at 3:54 PM, oleg yusim  wrote:

> Answer "postgres" would suffice.

But the user would not always be "postgres".  To be accurate, it is
the user which owns the files for the "cluster" (database instance)
and which runs the database service.  If a machine contains
multiple clusters it is (IMO) best practice, for both security and
operational reasons, to use a separate OS user for each cluster.

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Re: [GENERAL] Data Packaging/Data Unpacking

[David G. Johnston]

On Wed, Jan 13, 2016 at 2:37 PM, oleg yusim  wrote:

> OK, Kevin, David,
>
> Thanks you very much for explanation. Now who is the owner of this
> process? My understanding is, data then located physically in RAM, in the
> memory stack assigned by OS to this process. Now the question is who owns
> the process?
>
>
Who owns the PostgreSQL backend user process?​

​Typically the ​"postgres" user.
Who owns the "process" responsible for marshalling data back and forth from
RAM?  There isn't really a concept of "process" when dealing with system
resources.  The kernel is responsible for management of those resources.
Processes are a user-space concern.

There may be some here concerned with the deep workings of the various O/S
that PostgreSQL runs on but ultimately the answer, from PostgreSQL's
perspective, is that we use system APIs to request and use resources and
expect the underlying system to handle those securely.  If you want to know
how that layer works you should ask there since it seems out-of-scope for
this forum.

David J.

Re: [GENERAL] Data Packaging/Data Unpacking

[oleg yusim]

David,

Answer "postgres" would suffice. I have fairly decent idea of what happens
below that (you are right system utility - Memory Manager is what
marshaling data back and forth to RAM, abstracting absolute addresses from
application along the way, and once in RAM, security kernel of the system
protects data, terminating any process which tries to obtain data from
another process - provided data were not shared to begin with).

Thanks a lot for your consultation guys.

Oleg

On Wed, Jan 13, 2016 at 3:49 PM, David G. Johnston <
david.g.johns...@gmail.com> wrote:

> On Wed, Jan 13, 2016 at 2:37 PM, oleg yusim  wrote:
>
>> OK, Kevin, David,
>>
>> Thanks you very much for explanation. Now who is the owner of this
>> process? My understanding is, data then located physically in RAM, in the
>> memory stack assigned by OS to this process. Now the question is who owns
>> the process?
>>
>>
> Who owns the PostgreSQL backend user process?​
>
> ​Typically the ​"postgres" user.
> Who owns the "process" responsible for marshalling data back and forth
> from RAM?  There isn't really a concept of "process" when dealing with
> system resources.  The kernel is responsible for management of those
> resources.  Processes are a user-space concern.
>
> There may be some here concerned with the deep workings of the various O/S
> that PostgreSQL runs on but ultimately the answer, from PostgreSQL's
> perspective, is that we use system APIs to request and use resources and
> expect the underlying system to handle those securely.  If you want to know
> how that layer works you should ask there since it seems out-of-scope for
> this forum.
>
> David J.
>
>

Re: [GENERAL] Data Packaging/Data Unpacking

[oleg yusim]

Kevin,

It is understood. But doesn't change things from my perspective. It would
anyway be user, with sole access, nobody can elevate privileges to and only
root can su to. The name, in that case, is irrelevant, but answer postgres
gave me idea of the protection level here.

Thanks,

Oleg

On Wed, Jan 13, 2016 at 4:04 PM, Kevin Grittner  wrote:

> On Wed, Jan 13, 2016 at 3:54 PM, oleg yusim  wrote:
>
> > Answer "postgres" would suffice.
>
> But the user would not always be "postgres".  To be accurate, it is
> the user which owns the files for the "cluster" (database instance)
> and which runs the database service.  If a machine contains
> multiple clusters it is (IMO) best practice, for both security and
> operational reasons, to use a separate OS user for each cluster.
>
> --
> Kevin Grittner
> EDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>

[GENERAL] Data Packaging/Data Unpacking

[oleg yusim]

Greetings,

I have matching couple of security requirements, speaking about preserving
data confidentiality and integrity in PostgreSQL DB during packaging for
transmission / unpacking from transmission.

Important: let's assume data at rest is encrypted using EFS and data at
transit is encrypted using ciphers, provided by OpenSSL.

So, with that in mind, please, help me to understand movement and location
of the data between the moment when it is pulled from file system and
encrypted as network package going through the SSL tunnel.

And reversing it - between the moment network package arrived through the
SSL tunnel is decrypted and the moment its content is placed into the file
system.



For those interested, here are requirements themselves, quoted:

1) The DBMS must maintain the confidentiality and integrity of information
during preparation for transmission.

Information can be either unintentionally or maliciously disclosed or
modified during preparation for transmission, including, for example,
during aggregation, at protocol transformation points, and during
packing/unpacking. These unauthorized disclosures or modifications
compromise the confidentiality or integrity of the information.

Use of this requirement will be limited to situations where the data owner
has a strict requirement for ensuring data integrity and confidentiality is
maintained at every step of the data transfer and handling process.

When transmitting data, the DBMS, associated applications, and
infrastructure must leverage transmission protection mechanisms.

2) The DBMS must maintain the confidentiality and integrity of information
during reception.

Information can be either unintentionally or maliciously disclosed or
modified during reception, including, for example, during aggregation, at
protocol transformation points, and during packing/unpacking. These
unauthorized disclosures or modifications compromise the confidentiality or
integrity of the information.

This requirement applies only to those applications that are either
distributed or can allow access to data non-locally. Use of this
requirement will be limited to situations where the data owner has a strict
requirement for ensuring data integrity and confidentiality is maintained
at every step of the data transfer and handling process.

When receiving data, the DBMS, associated applications, and infrastructure
must leverage protection mechanisms.


Thanks,

Oleg