Darren J Moffat wrote:
> Margot Miller wrote:
>
>> - If no objections, will not move configuration files into SMF
>
> I have no objection to this either in this case or in a future case
> where star is replacing the existing tar.
>
>> - Project delivered via SFW consolidation
>
> C-Team note: This creates a cross consolidation flag day for the
> removal of rmt being delivered from ON and being delivered in a new
> package from SFW.
>
>> Open Issues:
>>
>> - Do we document in star man pages the differences between star
>> and tar?
>
> That would be nice to have but I wouldn't say it was necessary for
> completeness of *this* case.
>
>> - How does Solaris auditable policy interact with star/rmt?
>
> Exactly the same way /usr/bin/tar does - ie it doesn't directly tar
> (and star) are not responsible for (or even able to (since they have
> no forced privilege)) audit.
>
> Similarly the existing ON rmt program does not do any audit so
> replacing it with the rmt from star should not be required to do any
> auditing either.
I *strongly* disagree with this one. Joerg's /etc/rmt makes
authorization/access control decisions based on a policy of its own
(driven by the /etc/default/rmt file). I don't think you can get away
without doing auditing if you're going to have this "security
enhancement" in rmt.
Gary?
-- Garrett
