On 03/31/10 11:19 AM, Rainer Orth wrote:
Over the last couple of days, I've been working to set up an AI and IPS infrastructure for a ZFS-based sort of flash archive installation, based on the OSDevCon 2009 paper by Philip Torchinsky and Peter Karlsson:

http://www.osdevcon.org/2009/program_detail.html#philip
http://www.osdevcon.org/2009/slides/automated_deployment_of_hundreds_of_opensolaris_machines_philip_torchinsky.pdf
http://voyager-eng.livejournal.com/1155.html

While doing this, I've found and reported at least two serious security issues with both AI and IPS:

15362 AI manifests are installed world-readable
http://defect.opensolaris.org/bz/show_bug.cgi?id=15362

I noticed that AI manifests are stored world readable on the AI server, leaving the passwords in the embedded SC manifests accessible to anyone with an account on the AI server.

15417 pkg.depotd lacks access control
http://defect.opensolaris.org/bz/show_bug.cgi?id=15417
These are all open source projects; your code contributions are welcomed.

-Shawn

_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
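An added example, not part of the original thread or of the AI/IPS code: a Python audit for the condition reported in bug 15362, listing files that other local accounts can actually read by checking the read bit on each file and the search bit on every directory above it. The directory layout, file names and the `password` marker are constructed assumptions, not the real AI manifest store or SC manifest schema.

```python
import os
import re
import stat
import tempfile

# Assumption: a credential shows up as the word "password"/"passwd" in the file.
SECRET_RE = re.compile(rb"passw(or)?d", re.IGNORECASE)

def others_can_reach(path, root):
    """True if every directory from root down to path's parent has o+x."""
    root = os.path.abspath(root)
    current = os.path.dirname(os.path.abspath(path))
    while True:
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return False
        if current == root or current == os.path.dirname(current):
            return True
        current = os.path.dirname(current)

def audit_manifests(root):
    """Return sorted (relative path, mode, holds_secret) for exposed files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            # Skip non-regular files and files without the "other" read bit.
            if not stat.S_ISREG(mode) or not mode & stat.S_IROTH:
                continue
            if not others_can_reach(path, root):
                continue  # o+r file behind a directory without o+x
            with open(path, "rb") as fh:
                holds_secret = bool(SECRET_RE.search(fh.read()))
            rel = os.path.relpath(path, root)
            findings.append((rel, oct(stat.S_IMODE(mode)), holds_secret))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample directory; stands in for a manifest store."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "private"))
    secret = b'<manifest><user password="CONSTRUCTED-SAMPLE"/></manifest>'
    for rel, mode, data in [("default.xml", 0o644, secret),
                            ("plain.xml", 0o644, b"<manifest/>"),
                            ("locked.xml", 0o600, secret),
                            ("private/hidden.xml", 0o644, secret)]:
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
        os.chmod(os.path.join(root, rel), mode)
    os.chmod(root, 0o755)
    os.chmod(os.path.join(root, "private"), 0o700)
    return root
```

The check covers only the scanned tree: directories above `root` are not inspected, so a restrictive mode higher up the path would still block access.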

