Joerg Schilling wrote: > James Carlson <james.d.carlson at Sun.COM> wrote: > > It can't be in libcmd, because those external programs themselves will > > link to libcmd to get the implementation there. You'd just recurse > > forever. > > > > In order for this to work, either (A) all applications using libcmd > > must become smart enough to know when to do exec() instead or (B) no > > application other than a /usr/bin/* utility implemented by way of > > libcmd should ever link against libcmd. > > If ksh93 likes to provide commands that behave like the builtins, the only > way I see is that ksh93 checks whether a specfic command needs special > treatement and then calls /usr/bin/pfexec /usr/ast/bin/<cmd>. > > Then the database in /etc/security needs to be enhanced for > /usr/ast/bin/<cmd>.
Or we create a new sibling of "pfexec" (for eaxmple called "pfkshexec") which executes the commands in a new ksh93 instance after the RBAC context has been established... would that work ? ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) roland.mainz at nrubsig.org \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 7950090 (;O/ \/ \O;)
