On Mon, Sep 25, 2006 at 02:42:31AM +0200, Roland Mainz wrote: > Casper.Dik at sun.com wrote: > > The pf*sh issue is somewhat broader than just the builtins. > > > > In the ideal world the pf*sh would just have a flag bit set and the > > kernel would take care of most of the rest. (So a pf*sh would not > > involve changing the code in the shell). > > > > For now, the easiest route I think is disabling all "non-standard" > > builtins for pfksh93. > > Erm... this is not that easy since this would break the AST/ksh93 test > suite (for example disabling the builtin "test" command is a very bad > idea) when ksh93 has launched as "pfksh93" and I really like to avoid > that.
test(1) requires no privilege though. (Also, RBAC doesn't provide file access role based access control, so test(1) really can't do much about RBAC profiles.) Also, pfksh93 is not expected to behave exactly like ksh93! Any test suite would have to be able to test the RBAC functionality. Nico --
