From: Josh Berkus on 2 Dec 2009 13:53

Bruce,

> If we decide not to support SE-Linux, it is unlikely we will be adding
> support for any other external security systems because SE-Linux has the
> widest adoption.
>
> I think the big question is whether we are ready to extend Postgres to
> support additional security infrastructures.

PostgreSQL is the most security-conscious of the OSS databases, and is widely used by certain groups (security software, military, credit card processing) precisely because of this reputation. These folks, while unlikely to speak up on -hackers, are interested in new/further security features; when I was at the Pentagon 2 years ago several people there from HS were quite interested in SE-Postgres specifically. Further, I've been mentioning SE-Postgres in my "DB security talk" for the last 18 months and I *always* get a question about it.

So while there might not be vocal proponents for innovative/hard-core security frameworks on this list currently, I think it will gain us some new users. Maybe more than we expect.

When GIS was introduced to this list ten years ago it was criticized as a marginal feature and huge and intrusive. But today it's probably 40% of our user base, and growing far more rapidly than anything else with Postgres. Maybe SE will be more like Rules than like GIS in the long run, but there's no way for us to know that today.

--Josh Berkus

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
From: Tom Lane on 2 Dec 2009 15:37

Josh Berkus <josh(a)agliodbs.com> writes:
> When GIS was introduced to this list ten years ago it was criticized as
> a marginal feature and huge and intrusive. But today it's probably 40%
> of our user base, and growing far more rapidly than anything else with
> Postgres. Maybe SE will be more like Rules than like GIS in the long
> run, but there's no way for us to know that today.

What we do know is that GIS could be, and was, successfully developed outside core Postgres. It didn't need to suck away a major portion of the effort of the core developers. So it's not a very good analogy.

In the end this is a debate about what the community should do with its finite development resources. Maybe, if we build this thing, they will come and we'll get so much additional contribution that it'll be a win all around. But somehow, alleged users who won't even decloak enough to tell us they want it don't seem like likely candidates for becoming major contributors.

In words of one syllable: I do not care at all whether the NSA would use Postgres, if they're not willing to come and help us build it. If we tried to build it without their input, we'd probably not produce what they want anyway.

regards, tom lane
From: KaiGai Kohei on 2 Dec 2009 19:27

Josh Berkus wrote:
> Bruce,
>
>> If we decide not to support SE-Linux, it is unlikely we will be adding
>> support for any other external security systems because SE-Linux has the
>> widest adoption.
>>
>> I think the big question is whether we are ready to extend Postgres to
>> support additional security infrastructures.
>
> PostgreSQL is the most security-conscious of the OSS databases, and is
> widely used by certain groups (security software, military, credit card
> processing) precisely because of this reputation. These folks, while
> unlikely to speak up on -hackers, are interested in new/further security
> features; when I was at the Pentagon 2 years ago several people there
> from HS were quite interested in SE-Postgres specifically. Further,
> I've been mentioning SE-Postgres in my "DB security talk" for the last
> 18 months and I *always* get a question about it.
>
> So while there might not be vocal proponents for innovative/hard-core
> security frameworks on this list currently, I think it will gain us some
> new users. Maybe more than we expect.

Good. I have also gotten many voices, questions and requirements from the viewpoint of enterprise users, typically those who are planning to launch their SaaS systems.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(a)ak.jp.nec.com>
From: KaiGai Kohei on 2 Dec 2009 19:32

Tom Lane wrote:
> Josh Berkus <josh(a)agliodbs.com> writes:
>> When GIS was introduced to this list ten years ago it was criticized as
>> a marginal feature and huge and intrusive. But today it's probably 40%
>> of our user base, and growing far more rapidly than anything else with
>> Postgres. Maybe SE will be more like Rules than like GIS in the long
>> run, but there's no way for us to know that today.
>
> What we do know is that GIS could be, and was, successfully developed
> outside core Postgres. It didn't need to suck away a major portion of
> the effort of the core developers. So it's not a very good analogy.
>
> In the end this is a debate about what the community should do with its
> finite development resources. Maybe, if we build this thing, they will
> come and we'll get so much additional contribution that it'll be a win
> all around. But somehow, alleged users who won't even decloak enough
> to tell us they want it don't seem like likely candidates for becoming
> major contributors.
>
> In words of one syllable: I do not care at all whether the NSA would use
> Postgres, if they're not willing to come and help us build it. If we
> tried to build it without their input, we'd probably not produce what
> they want anyway.

I don't know anything about the reputation of the NSA in the US, except that Hollywood often makes them the baddies in movies. However, it is a fact that SELinux is already open source software supported by people and corporations in multiple nations, including former communist nations, not only the USA and its allied nations.

Needless to say, NEC is also a supporter of developing and maintaining the SE-PgSQL feature. We believe it is a necessary feature to construct a secure platform for SaaS/Cloud computing, so my corporation has funded the development of SE-PgSQL for more than two years.

As I noted before, if you are worried about me escaping anywhere, that is quite incorrect. I am now working to develop and integrate SE-PgSQL full-time.

We can also say the SELinux community provides development resources to other OSS communities. For example, the recent version of Xorg has SELinux support in userspace, like SE-PgSQL, by a developer who originally worked in the SELinux community. SE-PgSQL is a similar case. Anyway, I don't think we should build barriers between communities.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(a)ak.jp.nec.com>
From: Andrew Dunstan on 2 Dec 2009 19:47
KaiGai Kohei wrote:
> Needless to say, NEC is also a supporter to develop and maintain
> SE-PgSQL feature. We believe it is a necessity feature to construct
> secure platform for SaaS/Cloud computing, so my corporation has funded
> to develop SE-PgSQL for more than two years.
>
> As I noted before, if you worried about I escape anyware, it is quite
> incorrect. Now I've been working to develop and integrate SE-PgSQL in
> full-time.
>
> We can also say SELinux community provides a development resource to
> other OSS communities. For example, the recent version of Xorg has
> SELinux support in userspace, such as SE-PgSQL, by the developer who
> originally worked in SELinux community. SE-PgSQL is a similar case.
> Anyway, I don't think we should build barrier between communities.

I think you have been remarkably good about our caution in accepting this. You certainly have my admiration for your patience.

What would probably help us a lot would be to know some names of large users who want and will support this. NEC's name is a good start, but if a few other enterprise users spoke up it would help to make the decision a lot easier.

My own experience with SE-Linux has been fairly unfortunate. I have tripped over it too many times and years ago adopted a practice of turning it off whenever I could. I suspect many people have similar war stories, and there will thus probably be quite some resistance to a feature I accept could well be of significant use to some classes of users.

cheers

andrew