James Carlson wrote:
[snip]
> > maybe for now pf should trump all builtins but the ones already allowed
> > whether by /usr/ast/bin or not
>
> That'd be the least problematic answer.

But IMO it is the wrong solution (see my other emails for details, the builtin thing is something coming from the POSIX shell specs).

> > is this a restriction issue? is a user knowingly executing an explicit builtin
> > a violation (as in a restricted shell sense)?
>
> It could be. RBAC does have the ability to revoke privileges.

Uhm... could you describe an example? AFAIK RBAC only grants extended privileges via the RBAC context but it cannot remove them if they are part of what a plain, normal user can do (because he/she could simply run a normal shell and/or switch the shell to the normal, non-profile shell mode, bypassing the execution within a RBAC context)... or not?

----

Bye,
Roland

--
  __ .  . __
 (o.\ \/ /.o) roland.mainz at nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 7950090
 (;O/ \/ \O;)