On Tue, 2010-04-20 at 08:14 -0700, Garrett D'Amore wrote:
> This all looks pretty good. I'd like to see an actual list of the mdb
> macros and DTrace probes that have been proposed.

Expect more cases exposing the DTrace probes (soon) and MDB macros (later).

> Furthermore, I'd like
> some independent analysis from the project team (if possible) to confirm
> that the new debugging enhancements can't result in leakage of sensitive
> data -- whether keys (session or long term), passwords, or anything
> which could be used to subvert a session or recover other sensitive
> information. (I'm not doubting that the project team "did the right
> thing" here -- I'd just feel better if such changes were reviewed by
> other Kerberos experts as an independent audit -- if this has not
> already been done. (I realize that this recommendation is not
> necessarily architectural -- still the sensitive nature of the software
> in question merits this extra step, IMO. Also, while code review should
> also be done as for any project, this independent review I'm talking
> about need only consider the soundness of the interfaces and need not
> delve into their implementation, IMO.)

I think that this concern can be followed up in the cases which will introduce the probes and macros.

-M
