Re: Updates of SE-PostgreSQL 8.4devel patches

KaiGai Kohei wrote:
> Bruce Momjian wrote:
>> KaiGai Kohei wrote:
>>> Bruce Momjian wrote:
>>>> I think we could use row-level access control to prevent people from
>>>> seeing databases they should not see in pg_database.
>>> The row-level database ACL which I submitted yesterdat does not allow
>>> to assign ACLs to tuples within system catalogs (like pg_database),
>>> because it is unclear who should be the owner of tuples.
>>>
>>> As I noted at the previous message, it considers the owner of the table
>>> as the owner of the tuples due to several reasons. However, some of 
>>> system
>>> catalogs have its owner field like "pg_proc.proowner".
>>> This limitation is not a fundamental one, so we can remove it soon.
>>>
>>> But, who should be the owner of tuples within system catalogs which have
>>> some kind of "owner" field.
>>
>> The Postgres super-user should be the owner of all system tables.
> 
> OK, I'll update it soon.

I updates my patches:
[1/6] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1130.patch
[2/6] http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1130.patch
[3/6] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1130.patch
[4/6] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1130.patch
[5/6] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1130.patch
[6/6] http://sepgsql.googlecode.com/files/sepostgresql-row_acl-8.4devel-3-r1130.patch

List of updates:
- Fixbug: security identifier was not handled correctly on TOAST table          when we repeat to enable/disable the
securityfeature.
 
- RowACL: remove limitation on system catalogs
- RowACL: the default behavior is changed when we access tuples with no          row-level ACL. The previous version
appliesACL inherited from          its table, but the newer one allows anything to public, because          the
previousbehavior makes problem when you restrict access via          VIEWs.
 
- RowACL: bugfix when we provide an empty string as a new row-level ACL.


* An example to limit the list of pg_database

[kaigai@saba ~]$ psql postgres
psql (8.4devel)
Type "help" for help.

postgres=# CREATE DATABASE test1;
CREATE DATABASE
postgres=# CREATE DATABASE test2;
CREATE DATABASE
postgres=# CREATE DATABASE test3;
CREATE DATABASE
postgres=# UPDATE pg_database SET tuple_acl = '{ymj=r/kaigai}'                 WHERE datname like 'test%';
UPDATE 3
postgres=# UPDATE pg_database SET tuple_acl = rowacl_revoke(tableoid, tuple_acl, 'ymj', 'all')                 WHERE
datname= 'test2';
 
UPDATE 1
postgres=# \l                                     List of databases   Name    | Owner  | Encoding |  Collation  |
Ctype   |       Access Privileges
 
-----------+--------+----------+-------------+-------------+------------------------------- postgres  | kaigai | UTF8
 | en_US.UTF-8 | en_US.UTF-8 | template0 | kaigai | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
{=c/kaigai,kaigai=CTc/kaigai}template1 | kaigai | UTF8     | en_US.UTF-8 | en_US.UTF-8 | {=c/kaigai,kaigai=CTc/kaigai}
test1    | kaigai | UTF8     | en_US.UTF-8 | en_US.UTF-8 | test2     | kaigai | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
test3    | kaigai | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
 
(6 rows)

postgres=# \q

(*) kaigai (superuser) can see test1, test2 and test3.

[kaigai@saba ~]$ psql -Uymj postgres
psql (8.4devel)
Type "help" for help.

postgres=> \l                                     List of databases   Name    | Owner  | Encoding |  Collation  |
Ctype   |       Access Privileges
 
-----------+--------+----------+-------------+-------------+------------------------------- postgres  | kaigai | UTF8
 | en_US.UTF-8 | en_US.UTF-8 | template0 | kaigai | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
{=c/kaigai,kaigai=CTc/kaigai}template1 | kaigai | UTF8     | en_US.UTF-8 | en_US.UTF-8 | {=c/kaigai,kaigai=CTc/kaigai}
test1    | kaigai | UTF8     | en_US.UTF-8 | en_US.UTF-8 | test3     | kaigai | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
 
(5 rows)

(*) ymj (normal user) cannot see test2 because kaigai revoked it.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>