James Falkner wrote:
> ** Why not just use RBAC?
>
> There's already a "Software Installation" profile in Solaris which
> allows the execution of the package tools. It runs the package
> tools with uid of 0; this means that there's a simple path to
> escalate this privilege into all privileges: just create a package
> with a setuid root program. So no system administrator who is not
> willing to give the application administrator full privileges will
> grant this profile either.
>
> There's an interesting idea that it might be "safe" to delegate
> installation this way if the packages that were installed were
> restricted to ones cryptographically signed by "trusted"
> suppliers. The trouble with this is that it requires the entire
> certificate distribution and administration problem to be solved
> well, and despite the obvious advantages to doing that, nobody has
> managed to do so yet. I don't want to be held up behind one of the
> Big Problems.

The parts you need for this in the package tools are already part of Solaris today. You can sign packages and require they verify at install time. You can set the trust anchors too.

What isn't in Solaris, and really has nothing to do with install or packaging, is a Certificate Authority, i.e. the thing that issues and manages the lifetime of certs. VeriSign makes a huge load of cash running this as a business.

--
Darren J Moffat
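The escalation path James describes (a package that delivers a setuid-root program, installed by a profile that runs the package tools as uid 0) is visible in the package's own metadata before anything is installed: the SVR4 `pkgmap` file lists every delivered object with its mode, owner and group. The script below is an added example, not code from the thread or from Solaris; it is a hypothetical pre-install gate that parses a constructed `pkgmap` and reports entries that would land as setuid-root or setgid-root files, or whose mode/owner is left unspecified. It covers only the file-mode path named in the message and is an assumption about how such a gate could be wired in front of the package tools, not a description of any shipped mechanism.

```python
"""Hypothetical pre-install gate for SVR4 packages (example, not Solaris code).

Reads a pkgmap file, which lists every object a package delivers together
with its mode, owner and group, and reports entries that would install a
setuid-root or setgid-root file. The sample pkgmap below is constructed for
this example.
"""
import stat

# File types whose pkgmap line carries "mode owner group" right after the path.
_MODE_AT_4 = {"f", "e", "v", "d", "x", "p"}
# Character/block devices carry "major minor" before "mode owner group".
_MODE_AT_6 = {"c", "b"}


def parse_pkgmap(text):
    """Yield (ftype, path, mode, owner, group) for each object entry.

    The header line (": 1 1024"), info files (ftype "i"), hard and symbolic
    links ("l", "s") and blank/comment lines carry no mode and are skipped.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith(":"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        ftype, path = fields[1], fields[3]
        if ftype in _MODE_AT_4:
            idx = 4
        elif ftype in _MODE_AT_6:
            idx = 6
        else:
            continue
        if len(fields) < idx + 3:
            continue
        mode_s, owner, group = fields[idx], fields[idx + 1], fields[idx + 2]
        # pkgmap allows "?" for mode/owner/group, meaning "keep the existing value".
        mode = None if mode_s == "?" else int(mode_s, 8)
        yield ftype, path, mode, owner, group


def find_privileged_entries(text):
    """Return [(path, reason)] for files that would install with a root-owned
    setuid/setgid bit, or whose mode/owner/group is left to chance."""
    findings = []
    for ftype, path, mode, owner, group in parse_pkgmap(text):
        if mode is None or owner == "?" or group == "?":
            findings.append((path, "mode/owner/group unspecified ('?')"))
            continue
        if ftype not in ("f", "e", "v"):
            continue  # only regular file types are an exec path for setuid/setgid
        if mode & stat.S_ISUID and owner == "root":
            findings.append((path, "setuid root"))
        if mode & stat.S_ISGID and group == "root":
            findings.append((path, "setgid root"))
    return findings


def package_is_clean(text):
    """True when the pkgmap carries nothing the gate would refuse."""
    return not find_privileged_entries(text)


# Constructed sample pkgmap for a fictitious package "ACMEtool".
SAMPLE_PKGMAP = """\
: 1 1024
1 d none /opt/ACMEtool 0755 root bin
1 d none /opt/ACMEtool/bin 0755 root bin
1 f none /opt/ACMEtool/bin/tool 0755 root bin 12345 23456 1234567890
1 f none /opt/ACMEtool/bin/helper 4755 root bin 2345 3456 1234567890
1 f none /opt/ACMEtool/bin/grpexec 2755 root root 2345 3456 1234567890
1 e none /opt/ACMEtool/etc/tool.conf ? ? ? 100 200 1234567890
1 s none /opt/ACMEtool/bin/alias=tool
1 i pkginfo 200 12345 1234567890
1 i postinstall 300 12345 1234567890
"""

if __name__ == "__main__":
    for path, reason in find_privileged_entries(SAMPLE_PKGMAP):
        print("REFUSE %s: %s" % (path, reason))
    print("clean" if package_is_clean(SAMPLE_PKGMAP) else "package refused")
```

On the constructed sample the gate refuses the package for `helper` (setuid root), `grpexec` (setgid root) and `tool.conf` (mode left as `?`); a pkgmap whose files are all plain `0755 root bin` passes. Such a check complements, rather than replaces, signature verification: the signature says who produced the package, the pkgmap check says what privilege it would confer once installed.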
