Thanks James for your fast response, my comments inline. James Carlson wrote: > Mayuresh Nirhali writes: > >> Does the project integrate any private non-public files into >> /etc/default >> or /etc/ configuration files? >> [X] Yes - ARC review required >> [ ] No >> > > I thought all of the project's configuration files were public, not > private. I don't see any private files in /etc listed in the > interface table. > > What private bits are shipped via /etc? (Note that "uncommitted" is a > public stability level.) > > The answer should be 'No', sorry. The updated proposal is attached. >> Are there any setuid/setgid privileged binaries in the project? >> [X] Yes - ARC review required >> [ ] No - continue with next section (section 3.4.3) >> > > The previous response said that there weren't any setuid or setgid > binaries. I'm confused. > > If you deliver RBAC bits (such as exec_attr) and/or an SMF manifest, > then the binary itself often isn't setuid. > > Sorry for the confusion here, the previous response was incorrect as I mentioned in my earlier mail. Dante makes a lot of seteuid/geteuid calls. My understanding is that, Call to seteuid/geteuid allows all the users to run such binary (ofcourse if the 's' bit is set). and We are using roles (RBAC) to prevent non-privileged users to run dante server. Using roles (RBAC) here means that the seteuid/geteuid calls are really not needed. please correct me if I am wrong.
I have added some more comments in answer to that question in the proposal. >> Are passwords stored within the file system for the component? >> [ ] Yes >> [X] No - continue to next section (section 3.4.6) >> > > I thought it was possible to include user names and passwords in the > configuration files, if you configure without PAM. > Dante checks for SOCKS_USERNAME & SOCKS_PASSWORD variables in the environment. It does not look at the config files. am I missing anything here ? Thanks Mayuresh -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dante-proposal_v3.txt URL: <http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20081021/68b2f7ee/attachment.txt>
