Sorry, I missed a permission check on invocation of trusted procedures.

When client's label getting switched to Y from X, we needed to check
process:transition permission between label X and label Y.
It is same manner when OS launches a program with a special label to
cause domain transition.

The attached patch adds checks this permission when user tries to
invoke a trusted procedure and switch security label of the client.
In addition, it also adds a case of regression test of this problem.

Thanks,
--
NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei <kohei.kaigai@eu.nec.com>

Search Discussions

  • Robert Haas at Apr 4, 2011 at 5:26 pm

    On Mon, Apr 4, 2011 at 11:01 AM, Kohei Kaigai wrote:
    Sorry, I missed a permission check on invocation of trusted procedures.

    When client's label getting switched to Y from X, we needed to check
    process:transition permission between label X and label Y.
    It is same manner when OS launches a program with a special label to
    cause domain transition.

    The attached patch adds checks this permission when user tries to
    invoke a trusted procedure and switch security label of the client.
    In addition, it also adds a case of regression test of this problem.
    Committed.

    --
    Robert Haas
    EnterpriseDB: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppgsql-hackers @
categoriespostgresql
postedApr 4, '11 at 3:46p
activeApr 4, '11 at 5:26p
posts2
users2
websitepostgresql.org...
irc#postgresql

2 users in discussion

Kohei Kaigai: 1 post Robert Haas: 1 post

People

Translate

site design / logo © 2022 Grokbase