On Tue, 8 Jan 2008, Peter Memishian wrote:

> Yes, and based on a discussion Cathy and I had yesterday, we think it
> should be possible to change it to run as "dladm" instead ("noaccess"
> seems inappropriate since among other things, having the dlmgmtd door file
> owned by "noaccess" seems wrong).  While we can try out using the "dladm"
> user,

I wonder, is there a class of networking daemons that will always need
to retain sufficient privileges to be able to destroy networking
capability (through adding/deleting addresses and routes, e.g.)? I.e. is
there a difference between dlmgmtd and routing daemons, in terms of
security needs?

I ask 'cause Gary's reply about dropping to least privileges without
also changing to a dedicated user applies also to Quagga, which should be
fixed really, and I wonder would it be appropriate to share IDs?

regards,
-- 
Paul Jakma,
Solaris Networking                       Sun Microsystems, Scotland
http://opensolaris.org/os/project/quagga tel: EMEA x73150 / +44 15066 73150
