James Carlson wrote:
> Girish Moodalbail writes:
>> "solaris.network.interface.read"
>>
>> Allows viewing of interface configurations (verified in library,
>> libipadm.so.1)
>
> Anyone with the ability to issue the proper ioctls (which includes all
> ordinary users, even those without that new authorization) can already
> read the interface configuration ... so is the new 'read'
> authorization necessary?
>
> (I think it'd make sense to have this authorization if you had a
> separate daemon that was managing the configuration -- the daemon
> could check necessary authorizations when granting access -- but since
> you're doing this all without a daemon, I'm not seeing where the point
> of enforcement is supposed to be. It's not as though libraries have
> privileges on their own ...)

That's correct. I don't think having solaris.network.interface.read
authorization is necessary.

>
>> ipadm(1M) would need 'sys_ip_config' privilege to configure system's IP
>> interfaces and to configure network parameters/tunables. Further,
>> ipadm(1M) would also need 'file_dac_write' to write to ipadm repository,
>> maintained at '/etc/ipadm/ipadm.conf', via library libipadm.so.1.
>
> file_dac_write seems a little heavy ... though I guess the only
> alternative is creating a daemon in the same manner as dlmgmtd.
>
> Does the new library somehow help the application to bracket the use
> of that privilege so that the use is "safe enough"?

I guess, we could provide some 'privileges bracketing', using functions
defined in <priv.h>, allowing the 'file_dac_write' to be enabled only
when needed and will be disabled for the most part. /sbin/ipadm should
start with that privilege turned off. Inside the library, while doing
the persistence, we will enable the privilege and once the persistence
is done we will disable the privilege.

thanks
~Girish
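The privilege bracketing described in the reply above, sketched as an added example that is not code from this thread or from ipadm/libipadm. The helper names `start_unprivileged` and `persist_line`, the sample path, and the non-Solaris stand-in for `priv_set`/`priv_ineffect` are assumptions made so the example builds anywhere; on Solaris the real `<priv.h>` calls are used.

```c
#include <stdio.h>
#if defined(__sun)
#include <priv.h>               /* priv_set(3C), priv_ineffect(3C) */
#else
/* Constructed stand-in so this builds off Solaris: it models only whether
 * one privilege is in the effective set. Not the Solaris implementation. */
#define PRIV_ON 1
#define PRIV_OFF 0
#define PRIV_EFFECTIVE "Effective"
#define PRIV_FILE_DAC_WRITE "file_dac_write"
static int sim_effective;
static int priv_set(int op, const char *set, const char *priv, void *end)
{ (void)set; (void)priv; (void)end; sim_effective = (op == PRIV_ON); return 0; }
static int priv_ineffect(const char *priv) { (void)priv; return sim_effective; }
#endif

static int saw_priv_during_write;   /* recorded so the bracket can be checked */

/* Hypothetical startup step: the command begins with the privilege off. */
int start_unprivileged(void)
{
    return priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_FILE_DAC_WRITE, (char *)NULL);
}

/* Hypothetical library helper: raise file_dac_write only around the write. */
int persist_line(const char *path, const char *line)
{
    int rc = -1;
    FILE *fp;

    if (priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_FILE_DAC_WRITE, (char *)NULL) != 0)
        return -1;              /* privilege not permitted: nothing raised */
    saw_priv_during_write = priv_ineffect(PRIV_FILE_DAC_WRITE);
    fp = fopen(path, "a");
    if (fp != NULL) {
        if (fputs(line, fp) != EOF && fputc('\n', fp) != EOF)
            rc = 0;
        if (fclose(fp) != 0)
            rc = -1;
    }
    /* Drop on every path, including open or write failure. */
    if (priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_FILE_DAC_WRITE, (char *)NULL) != 0)
        rc = -1;
    return rc;
}

int main(void)
{
    if (start_unprivileged() != 0) return 1;
    return persist_line("/tmp/ipadm-example.conf", "constructed-entry") != 0;
}
```

The bracket only narrows the window in which the privilege is effective; it stays in the permitted set, so code running in the same process can still raise it again.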
