>Liane Praza wrote:
>> 3.2 New privileges
>>
>> In order to be able to reliably identify a process contract based
>> on the service FMRI value, we will require privilege to set the
>> term in the process contract template. There is no current
>> privilege that could be leveraged for the purpose of contract
>> identification. Thus, we introduce a new privilege,
>> {PRIV_CONTRACT_IDENTITY}, that will be required of processes that
>> set the Service FMRI term.
>
>I'm assuming this applies to both the "Service FMRI" and the "Creator
>Auxiliary" information. This means that end users using ctrun(1) won't
>be able to set up contract identities, which seems a shame since they can
>create new contracts.
>
>Would it be sufficient that the privilege is needed only to change the
>stored identity information if it is already set, or be required only to
>set the "Service FMRI" and to change the aux information (if already set)?
>
>This looks like great stuff and I'd like to see it get as much scope for
>use. I can see that setting a service FMRI as an end user could be seen
>as a bad thing because it could confuse analysis tools, but I'm not sure
>I see the security risk in doing so. Is there one?

I would expect you would need to "own" the contract in question or
be able to control it in order to set the identity.
Casper