SELinux and PostgreSQL: a worthwhile union?

Posted Dec 6, 2009 7:00 UTC (Sun) by yodermk (subscriber, #3803)
Parent article: SELinux and PostgreSQL: a worthwhile union?

Can anyone give an example of some kind of malicious access that this could prevent but the excellent Postgres permission structure could not? Especially since they took out row-level labels. Maybe I don't get it.


SELinux and PostgreSQL: a worthwhile union?

Posted Dec 6, 2009 17:32 UTC (Sun) by Los__D (guest, #15263)

Since SE-PgSQL only uses SELinux as a rights database, I think the idea is to reduce the number of security interfaces admins have to work with, not to remove attack vectors.

SELinux and PostgreSQL: a worthwhile union?

Posted Dec 7, 2009 2:22 UTC (Mon) by kaigai (subscriber, #12001)

> Can anyone give an example of some kind of malicious access that this
> could prevent but the excellent Postgres permission structure could not?

Can page 24 of these slides help you?
http://sepgsql.googlecode.com/files/JLS2009-KaiGai-LAPP_S...

It allows SELinux to provide a logical wall to separate each virtual host
in a single tenant. However, it also has the flexibility to share partial
tables or files across virtual domains, unlike virtualization.

SELinux and PostgreSQL: a worthwhile union?

Posted Dec 10, 2009 9:10 UTC (Thu) by smurf (subscriber, #17840)

I'd hope that row-level access control will get back in, once the core feature has landed.

Any kind of multi-customer database can benefit from that. Last year I had to tell a customer that converting his single-client database solution to multi-client wasn't possible without major redesign. With row-level access control I'd have been able to make them happy (and me too, by billing them for a month or so of work ;-) ).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.