> Rob's sent me updated materials which reflect the clarifications due
> to the conversation here around privileges and the removal of
> config/debug from the manpages.
>
> I've put them in the case directory.
> 4.11. Security Impact:
> During daemon initialization, the smtp-notify daemon will reduce its
> privileges to the following minimal set:
>
> afsr# ppriv 104651
> 104651: /usr/lib/fm/notify/smtp-notify
> flags = PRIV_AWARE
>         E: basic,proc_setid
>         I: basic,proc_setid
>         P: basic,proc_setid
>         L: basic,proc_setid

The updated materials don't state what uid(s)/gid(s) the service runs with.
If it starts with uid/gid 0 and changes its uid/gid, what is the new uid?

Note:
    proc_setid
        Allow a process to set its UIDs at will, assuming UID 0
        requires all privileges to be asserted.

Can this privilege reduction be done with a method context instead of by
the daemon? If so, why isn't that the choice? If not, why not?

Nit, I suspect there's a case dependency on PSARC/2009/617

Gary..
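The method-context alternative Gary asks about, shown as an added illustration that is not part of the case materials or of anyone's message in this thread: an SMF manifest fragment in which the service framework, not the daemon, sets the credentials and privilege set before exec. The daemon path and the basic privilege set are taken from the ppriv output quoted above; the user and group names (daemon), the timeout and the method name are assumptions chosen for the example, not values from the case.

```xml
<!-- Illustrative start method for the smtp-notify service (not the case's
     actual manifest). SMF applies the credential and privilege set before
     the daemon is exec'd, so the daemon never runs as uid 0 and never has
     to drop privileges itself. User/group "daemon" and the timeout are
     assumed values for this example. -->
<exec_method type='method' name='start'
    exec='/usr/lib/fm/notify/smtp-notify'
    timeout_seconds='60'>
  <method_context>
    <!-- Start as a non-root uid/gid with only the basic set; because the
         process is already at its final uid it does not need proc_setid.
         limit_privileges caps what the process can ever regain. -->
    <method_credential user='daemon' group='daemon'
        privileges='basic'
        limit_privileges='basic'/>
  </method_context>
</exec_method>
```

The point of doing it in the method context is that the uid/gid and the privilege sets are then visible and reviewable in the manifest (svccfg/svcprop) rather than buried in daemon code, and proc_setid can be left out entirely, since a process that is started at its target uid has nothing to set. If the daemon must open a resource that needs a privilege beyond basic before it can run unprivileged, that privilege would be named in 'privileges' and the daemon would still need to relinquish it; which case applies here is not stated in the thread.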