On Sat, Jul 25, 2009 at 07:23:22AM +0900, KaiGai Kohei wrote:
> Thanks, but I found an incorrect change at the trusted procedure section.
>
> Old)
> CREATE TABLE customer (
> cid integer primary key,
> cname varchar(32),
> credit varchar(32)
> - SECURITY_LABEL = 'system_u:object_r:sepgsql_secret_table_t:s0'
> - );
>
> New)
> CREATE TABLE customer (
> cid integer primary key,
> cname varchar(32),
> credit varchar(32)
> + ) SECURITY_LABEL = 'system_u:object_r:sepgsql_secret_table_t:s0';
>
> This example intends to assign "secret" label on the credit column,
> not whole of the table. Note that the default security context shall
> be assigned on the table and rest of columns in this case.
The show_credit() function in this section would seem to leak authority
as well; it seems possible to determine if customers exist that
otherwise may otherwise hidden. For example, imagine we have a row
in the customer table with cid=1 whose security label would normally
prevent. We can perform:
SELECT show_credit(1);
and, as far as I can tell, this call would succeed.
-- Sam http://samason.me.uk/