Liane Praza wrote:
> 6. Security issues
>
> Currently, as on other platforms, all of these daemons run as root with
> full privileges. Further work is underway to utilise least privilege and
> other Solaris security technologies to improve this situation.

Do we have a timeframe for when we can expect this to be done?

Note that a perfectly acceptable first cut of this does not require
modification of the code. Just use the Privilege Debugging Blueprint and
the tool that is with it to determine what privileges are actually used,
and use that as the initial set that SMF gives to the start method.

> Additionally, the community is working on authentication schemes for
> access to the control tools as part of the 'xend API' work. We intend to
> leverage this work as we track upstream development.

Timeframe?

> In addition, no RBAC authorizations are being proposed in this case for
> the service and property administration of these FMRIs at this point in
> time. As there is no support for delegated administration in the rest of
> the Xen control stack at this point in time, this would be at best an
> attractive nuisance. (That is, there's not much point in delegating
> control of xend's properties when starting a domain instance requires
> root anyway). When further work is complete, RBAC facilities for these
> FMRIs will be detailed in a future case.

This isn't acceptable to me. In fact I'd assert exactly the opposite.
Precisely because Xen has no delegated admin system of its own, there
should be an RBAC execution profile for running the Xen admin commands,
and the rights profile should contain the RBAC authorisations used to
control the SMF services. For example, if there is an admin command that
needs to be run with all privilege then that should be in an RBAC
profile.

This should have been covered in the main Xen case; for me, though, this
case makes it very clear that was probably missed.

-- 
Darren J Moffat
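To make concrete the shape of what the reply above asks for, here is an added illustration of an SMF manifest fragment that gives a start method a reduced privilege set and declares the authorizations that a rights profile could then carry. This is not from the case under discussion, from the Xen project, or from either correspondent. The service name `system/xen/xend`, the method path, the privilege list, and the authorization names `solaris.smf.manage.xend` and `solaris.smf.value.xend` are all assumed placeholders; the real privilege set would be the one measured with the Privilege Debugging Blueprint's tooling, and the real FMRIs would be the ones the case defines.

```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
  Added illustration only: service name, method path, privilege set and
  authorization names below are assumptions, not values from the case.
-->
<service_bundle type='manifest' name='xend-leastpriv-example'>
  <service name='system/xen/xend' type='service' version='1'>

    <single_instance/>

    <exec_method type='method' name='start'
                 exec='/lib/svc/method/xend start'
                 timeout_seconds='60'>
      <method_context>
        <!--
          Instead of inheriting the full root privilege set, the start
          method is launched with an explicit inheritable set. The list
          here is a placeholder; the real set is whatever privilege
          debugging shows the daemon actually exercising.
        -->
        <method_credential user='root' group='root'
                           privileges='basic,net_privaddr,sys_resource'/>
      </method_context>
    </exec_method>

    <exec_method type='method' name='stop'
                 exec=':kill' timeout_seconds='60'/>

    <property_group name='general' type='framework'>
      <!--
        action_authorization gates enable/disable/restart of the service;
        value_authorization gates changes to its properties. A rights
        profile that carries these two authorizations can then administer
        the service without a root shell.
      -->
      <propval name='action_authorization' type='astring'
               value='solaris.smf.manage.xend'/>
      <propval name='value_authorization' type='astring'
               value='solaris.smf.value.xend'/>
    </property_group>

    <instance name='default' enabled='false'/>

    <stability value='Unstable'/>
  </service>
</service_bundle>
```

The matching rights profile, again as an assumed illustration, would be a `prof_attr` entry such as `Xen Management:::Manage Xen domains and the xend service:auths=solaris.smf.manage.xend,solaris.smf.value.xend` plus an `exec_attr` entry such as `Xen Management:solaris:cmd:::/usr/sbin/xm:privs=all` for an admin command that genuinely needs full privilege, and `usermod -P "Xen Management" <user>` to assign it. That pairing is the point of the reply: the authorizations that control the SMF service and the execution attributes for the Xen commands live in the same profile, so delegated administration exists even though the Xen control stack has no delegation mechanism of its own.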
