Gary Winiger wrote:
>> There is no security vulnerability in not requiring privilege to set the
>> "Service FMRI". Requiring privilege has the goal of making the term
>> "Service FMRI" a trusted, system-wide name for observability purposes.
>> Just as the SMF service FMRI is today.
>
> Hummm, is that really worth adding a privilege and requiring
> ctrun to be called with that privilege? What's the risk of
> the FMRI being spoofed on a contract?

The FMRI term as proposed is intended to allow an administrator to
reliably identify where each contract on the system originates from.
Since creating a new contract doesn't require privilege, permitting any
contract creator to set the FMRI term limits observability and impedes
forensic analysis.

>
> What Rights Profile is being proposed to grant ctrun privilege?

A new Rights Profile named "Process Contract Identifier" should be
amended to this case.

> And who should be granted this profile?

Users who are responsible for creating service-like collections of
processes that the administrator has decided should be identified
separately from services started by SMF.

Antonello
