Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-11-08 Thread Robert Haas
On Mon, Nov 7, 2011 at 12:20 PM, Kohei KaiGai wrote: > If sepgsql would apply permission checks db_procedure:{install} on the > OAT_POST_CREATE hook based on the function-oid within new entry of > system catalog, we can relocate OAT_PREP_CREATE hook more conceptually > right place, such as just aft

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-11-01 Thread Kohei KaiGai
2011/11/1 Robert Haas : > On Tue, Nov 1, 2011 at 1:32 PM, Kohei KaiGai wrote: >> I tried to summarize permission checks of DAC/MAC on several object classes >> that are allowed to assign security label right now. >> http://wiki.postgresql.org/index.php?title=SEPostgreSQL/Permissions >> >> In most

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-11-01 Thread Robert Haas
On Tue, Nov 1, 2011 at 1:32 PM, Kohei KaiGai wrote: > I tried to summarize permission checks of DAC/MAC on several object classes > that are allowed to assign security label right now. > http://wiki.postgresql.org/index.php?title=SEPostgreSQL/Permissions > > In most of checks, required contextual

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-11-01 Thread Kohei KaiGai
2011/10/21 Robert Haas : > On Fri, Oct 21, 2011 at 12:44 PM, Kohei KaiGai wrote: >> I had checked my older implementation based on 8.4.x or 9.0.x that >> includes all the features that I want to implement. >> At least, it does not require so much different information from ones >> needed by DAC mo

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-21 Thread Robert Haas
On Fri, Oct 21, 2011 at 12:44 PM, Kohei KaiGai wrote: > I had checked my older implementation based on 8.4.x or 9.0.x that > includes all the features that I want to implement. > At least, it does not require so much different information from ones > needed by DAC model, although SELECT INTO was a

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-21 Thread Kohei KaiGai
> When someone comes along in another year or two and adds materialized > views, will they need to pass some additional data to the object > access hook?  Probably, but I bet you're the only one who can quickly > figure out what it is.  That's no good.  We're not going to make > changes to PostgreS

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-19 Thread Robert Haas
On Wed, Oct 19, 2011 at 6:18 AM, Kohei KaiGai wrote: > 2011/10/18 Robert Haas : >>> In the example table creation, heap_create_with_catalog() is invoked >>> by 5 routines, however, 3 of them are just internal usages, so it is not >>> preferable to apply permission checks on table creation >> >

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-19 Thread Kohei KaiGai
2011/10/18 Robert Haas : >> In the example table creation, heap_create_with_catalog() is invoked >> by 5 routines, however, 3 of them are just internal usages, so it is not >> preferable to apply permission checks on table creation > > Some wit once made the remark that if a function has 10 arg

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-18 Thread Robert Haas
On Tue, Oct 18, 2011 at 1:23 PM, Kohei KaiGai wrote: > If you are suggesting DAC and MAC permissions should be checked > on the same place like as we already doing at ExecCheckRTPerms(), > I'd like to agree with the suggestion, rather than all the checks within > object_access_hook, although it wi

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-18 Thread Kohei KaiGai
2011/10/18 Robert Haas : > On Tue, Oct 18, 2011 at 11:25 AM, Kohei KaiGai wrote: >> For example, I hope sepgsql to perform as follows when user create a new >> table. >> - It computes a default security label that needs Oid of the namespace. >> - It checks db_table:{create} permission on the secu

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-18 Thread Robert Haas
On Tue, Oct 18, 2011 at 11:25 AM, Kohei KaiGai wrote: > For example, I hope sepgsql to perform as follows when user create a new > table. > - It computes a default security label that needs Oid of the namespace. > - It checks db_table:{create} permission on the security label being computed. > -

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-18 Thread Kohei KaiGai
2011/10/18 Robert Haas : > On Thu, Oct 13, 2011 at 6:48 AM, Kohei KaiGai wrote: >>    struct ObjectAccessInfoData { >>        ObjectAccessType   oa_type; >>        ObjectAddress         oa_address; >>        union { >>            struct { >>                HeapTuple       newtuple; >>            

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-17 Thread Robert Haas
On Thu, Oct 13, 2011 at 6:48 AM, Kohei KaiGai wrote: >    struct ObjectAccessInfoData { >        ObjectAccessType   oa_type; >        ObjectAddress         oa_address; >        union { >            struct { >                HeapTuple       newtuple; >                TupleDesc       tupdesc;  /* on

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-13 Thread Kohei KaiGai
Robert, I agree that it is a reasonable argument that the compiler cannot raise warnings if all the arguments are delivered as Datum. In fact, I also tried to implement this feature with InvokeObjectAccessHook() defined as a function. The first point that needs to be improved is that we hope compiler to ra

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-12 Thread Robert Haas
On Thu, Sep 29, 2011 at 4:52 PM, Kohei KaiGai wrote: > I noticed that the previous revision does not provide any way to inform > the modules of the name of the foreign server, even if a foreign table was created, > on the OAT_POST_CREATE hook. > So, I modified the invocation at heap_create_with_catalog to deli

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-10-03 Thread Kohei KaiGai
BTW, I remember that I was suggested the object-access-hooks to acquire controls around changes of system catalogs are also useful to implement clustering features, not only enhanced security features, when I had a talk at PGcon2001. It might be my mistake that I categorized this patch at the "sec

Re: [HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-09-29 Thread Kohei KaiGai
I noticed that the previous revision does not provide any way to inform the modules of the name of the foreign server, even if a foreign table was created, on the OAT_POST_CREATE hook. So, I modified the invocation at heap_create_with_catalog to deliver this information to the modules. Rest of parts were uncha

[HACKERS] [v9.2] Object access hooks with arguments support (v1)

2011-08-28 Thread Kohei KaiGai
The attached patch is a draft to support arguments in addition to OAT_* enum and object identifiers. The existing object_access_hook enables loadable modules to acquire control when objects are referenced. The first guest of this hook is contrib/sepgsql for assignment of default security label on