It was just a question.  I wasn't stating that that's something we
ought to, or even can, limit once on the client.  My concerns are:

1.  on the server side. The current design proposes to copy and
store the executable in the install service, so it being something
other than a script seems undesirable to me.

2.  since the target users are admins, we don't expect them to be
writing C code and compiling binaries to use, let alone making sure
it's compatible in the AI environment.  And for admins, it seems all
variety of scripts would be sufficient.

3.  we have the complication of "runnability" on the client.  If it's a
script, we at least know we can facilitate running that in the AI
environment.  If it's a compiled binary, we do not know that.


-ethan


On 05/03/10 12:25, [email protected] wrote:
Hi Ethan,
Just a quick question, but why are we limiting the determination mechanism from being an executable or something wget'ed to the system? It seems if the admin. needs something we don't provide for doing their determination, then they should be able to use whatever they want; they are limited by the "full read, limited write" motto. I'd prefer we had a more constrained environment, in general, but if derived is open to something executed, why are we constraining arbitrarily on what that executable is?

                            Thank you,
                            Clay

[snip...]
5.2.6 Aren't necessarily restricted to a script, are we? A Python or
other executable would seem to be equally valid.

I was actually grouping Python with script. I will clarify that it can
be any shell, python or perl script. Do we really need to expand it
to be any type of executable? I suppose it could be, but as we
wanted to define this to be admin friendly, the scripting types
seemed to fulfill that.


I guess I'd turn it around: how would you prevent it from being any garden variety executable?

If headed right, scripts can be identified using file(1)

Or, perhaps, how would you prevent a garden-variety executable from being merely wrapped in a script?

Not sure why that would matter.  Whatever is being wrapped
wouldn't end up on the client, and the script would fail when
calling it.   ... but I think maybe what you are getting at is, what
if the script ended up doing a wget, and then executed what it got?



5.2.6.1 Ought to cover the principle ("full read, limited write") in
the aiuser account authorizations.