Joerg Schilling wrote: > Casper.Dik at sun.com wrote: > >> >>> If you call this a bug, when will the documentation (best practice) bug from >>> Indiana be fixed that is based on manually calling pfexec? >> I don't see a relation between the two. I'm not responsible for abuse of >> pfexec; we could remove pfexec with this case but I have decided not to do >> that. > > Then let me try to start the discussion in a different way. > > If you believe that implementing a way to switch the pfexec state in a shell > on/off while the shell is running, then the whole pfexec concept contains a > bug. > > This may be very easy be verified: > > You can always call one of the /bin/pf*sh* and get the pfexec feature enabled > and you could terminate this shell whenever you like. > > So implementing a way to switch on/off the pfexec feature in a running shell > just does the same in a more convenient way.
Please take this discussion to security-discuss at opensolaris.org it is not relevant to this case. -- Darren J Moffat
