Che Kristo <c...@opensolaris.org> wrote:

> I assume by the security issue you are referring to
> http://defect.opensolaris.org/bz/show_bug.cgi?id=1945 &
> http://defect.opensolaris.org/bz/show_bug.cgi?id=4885
>
> My understanding is that a fix for 4885 is targeted for indiana.next to get
> rid of the XP style "admin by default"

The fact that this exists is the first security issue.

BTW: I did also file a bug but I cannot find it.....

Sun is applying this patch to cdrecord:

http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/cdrtools/cdrecord.c.patch

and this allows _any_ user to write _any_ local file to CD or DVD and to read 
it back later.

This is a real security problem that has been introduced by Sun while trying 
to hide the effects from the insane privileges treatment on Indiana.

Jörg

-- 
 EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       j...@cs.tu-berlin.de                (uni)  
       joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
