Liane Praza wrote:
> 3.2 New privileges
>
> In order to be able to reliably identify a process contract based
> on the service FMRI value, we will require privilege to set the
> term in the process contract template. There is no current
> privilege that could be leveraged for the purpose of contract
> identification. Thus, we introduce a new privilege,
> {PRIV_CONTRACT_IDENTITY}, that will be required of processes that
> set the Service FMRI term.
I'm assuming this applies to both the "Service FMRI" and the "Creator
Auxiliary" information. This means that end users using ctrun(1) won't
be able to setup contract identities that seems a shame since they can
create new contracts.
Would it be sufficient that the privilege is needed only to change the
stored identity information if it is already set or be required only to
set the "Service FMRI" and to change the aux information (if already set).
This looks like great stuff and I'd like to see it get as much scope for
use. I can see that setting a service FMRI as an end user could be seen
as a bad thing because it could confuse analysis tools but I'm not sure
I see the security risk in doing so, is there one ?
--
Darren J Moffat
