From: kaigai@kaigai.gr.jp (KaiGai Kohei)
Date: Mon, 19 Jan 2009 00:11:11 +0900
Subject: [refpolicy] [PATCH] Add a new permission to db_procedure
Message-ID: <4973468F.1010706@kaigai.gr.jp>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

The attached patch add a new permission named as "install" to db_procedure.

The purpose of this permission is to prevent malicious functions are invoked
as a part of server's internal tasks.

PostgreSQL allows user-defined functions to use its internal tasks.
For example, it can be used to implement an output/input handler of new data
types, an index access method, implementation of operator classes and so on.

When we defines a new type, it requires to specify its output/input handler
at least. No need to say, these functions should not be malicious ones,
because user implicitly invokes these function when he uses the type.
This permission is checked when we defines a new system catalog entry which
has a possibility to invoke user defined functions.

In the attached patch, only sepgsql_proc_t is allowed to { install }, because
any other user defined functions are not checked by DBA, so it is not safe to
use it as a part of internal/common processes.
If DBA want to apply user defined functions as a part of internal task, he has
to confirm its safeness and relabel to sepgsql_proc_t at first.

Please apply it, if no matter.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: refpolicy-db_procedure.patch
Type: application/octect-stream
Size: 1994 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090119/db92cc45/attachment.bin