Richard L. Hamilton writes:
> Right, but I was thinking that an extra priv should be required,
> since this would override POSIX and/or mount-time policy,
> obfuscate forensics, etc.

Allowing willing applications to step outside of the confines of POSIX -- even if their doing so may deny POSIX-compliant applications from gathering information they desire (such as access time) -- doesn't seem like a sufficient reason to me to assign a privilege. POSIX is one of many environments we support, and I wouldn't want to build a moat around it.

The "obfuscating forensics" argument is a much better one. It's hard to imagine how anything other than a file-based system backup utility could have a valid reason to avoid the access time update. The remainder of users would be hackers attempting to obscure their trail and lame applications trying to get a "performance edge."

This capability seems to me to be pretty closely related to PRIV_FILE_DAC_READ and PRIV_FILE_OWNER. At least, you'd very likely need those permissions (or similar) to make use of this feature.

--
James Carlson, Solaris Networking
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677

_______________________________________________
opensolaris-code mailing list
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
