>Does this mean that the need for the existence of the /usr/bin/pfexec program
>will remain? OK, from reading below this seems to be true.

Yes, that is correct.

>... or will there be a file system attribute that allows to create spfexec
>executable file behavior?

No. (Note that exec_attrs belong to a profile, not the executable)

>
>> The pfexecd is started at boot through SMF as "svc:/system/pfexecd".
>>
>> Implementing pfexec in the kernel delivers the following advantages:
>>
>>
>> - pfshells come at no charge; this project will deliver
>> the following pf*sh*:
>> pfbash pfcsh pfksh pfksh93 pfsh pftcsh pfzsh
>>
>> A pf*sh* starts, sets the PRIV_PFEXEC flag and executes
>> the shell. Code which supports profile shells in current
>> shells will be removed.
>
>You mean the code that shifts the arg vector and that prepends /usr/bin/pfexec
>?

Correct.

>> /usr/bin/pfcsh [ options ] [ argument ]...
>>
>> + /usr/bin/pftcsh [ options ] [ argument ]...
>> +
>> /usr/bin/pfksh [ options ] [ argument ]...
>>
>> + /usr/bin/pfksh93 [ options ] [ argument ]...
>> +
>> + /usr/bin/pfbash [ options ] [ argument ]...
>> +
>> + /usr/bin/pfzsh [ options ] [ argument ]...
>> +
>
>Will there be the possibility to turn on/off this feature like while the shell
>is running like I did implement in "bsh" and "sh" in
>ftp://ftp.berlios.de/pub/schily/
>
>set -P # Turn on profile mode
>set +P # Turn off profile mode
>
>set -o profile # Turn on profile mode
>set +o profile # Turn off profile mode

No; that use is wrong. A profile can be defined such that you can only
run a few executables. Being able to disable the "profileness" of a shell
is a bug because of that feature.

I tried ksh93 and ksh and neither appears to support those.

Casper
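
Review bot: in the quoted synopsis hunk the added entries (pftcsh, pfksh93, pfbash, pfzsh) appear in an order that matches neither alphabetical order nor the list in the proposal text ("pfbash pfcsh pfksh pfksh93 pfsh pftcsh pfzsh"). Listing the synopsis lines in the same order as the proposal would make it easier to check that every delivered pf*sh* has an entry.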
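
Added example (not part of the original message and not pfexecd code): a simplified model of an exec_attr(4) lookup, illustrating the remark that exec_attrs belong to a profile, not the executable. The profile names, the sample entries and the helper functions are constructed for illustration; matching is reduced to exact paths and a trailing `*`, and the policy field is parsed but not used in the lookup.

```python
from typing import NamedTuple, Optional

# Constructed sample entries in exec_attr(4) layout:
#   name:policy:type:res1:res2:id:attr
EXEC_ATTR = """\
# comment lines are skipped
Example Printer Admin:suser:cmd:::/usr/sbin/accept:euid=lp
Example Operator:solaris:cmd:::/usr/sbin/accept:privs=file_dac_read
Example Operator:suser:cmd:::/usr/lib/example/*:euid=0
"""

class ExecAttr(NamedTuple):
    profile: str
    policy: str
    path: str
    attrs: dict

def parse_exec_attr(text: str) -> list:
    """Parse cmd entries; skip comments, blanks and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7 or fields[2] != "cmd":
            continue
        name, policy, _type, _res1, _res2, path, attr = fields
        attrs = dict(kv.split("=", 1) for kv in attr.split(";") if "=" in kv)
        entries.append(ExecAttr(name, policy, path, attrs))
    return entries

def matches(pattern: str, path: str) -> bool:
    """Exact path, bare '*', or 'dir/*' for files directly inside dir."""
    if pattern == "*":
        return True
    if pattern.endswith("/*"):
        return path.rpartition("/")[0] == pattern[:-2]
    return pattern == path

def lookup(entries: list, profiles: list, path: str) -> Optional[ExecAttr]:
    """First match wins, searching the user's profiles in their listed order."""
    for prof in profiles:
        for entry in entries:
            if entry.profile == prof and matches(entry.path, path):
                return entry
    return None
```

The same path, /usr/sbin/accept, resolves to different attributes (or none) depending on which profiles the caller holds, which is why a per-file attribute cannot carry this information.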