On Jul 30, 2010, at 3:31 PM, Scott Rotondo wrote:
> Regarding the expansion of the attack surface, remember that assuming the
> root role requires logging in to a user account first and then providing the
> root password.

Well, yes and no. It's true that su requires the root password, and sudo usually requires the password of the user account before running commands with root privileges. pfexec does not require any password entry at all, so an account that's allowed to exercise root privileges via pfexec is, from a security standpoint, functionally equivalent to another root account.

--
David Brodbeck
System Administrator, Linguistics
University of Washington
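
An added example, not part of the original message: a Python audit that lists ordinary login accounts holding a rights profile whose `exec_attr` entry runs any command as uid 0, which are the accounts where pfexec yields root with no password prompt. The `user_attr` and `exec_attr` contents and the "Example Print Admin" profile are constructed sample data; nested profiles in `prof_attr` and defaults from `policy.conf` are assumed out of scope.

```python
# Constructed sample data in the Solaris RBAC file formats (not from a real host).
USER_ATTR = """\
# user:qualifier:res1:res2:attr
root::::type=role;auths=solaris.*;profiles=All
alice::::type=normal;profiles=Primary Administrator;roles=root
bob::::type=normal;roles=root
carol::::type=normal;profiles=Example Print Admin,Basic Solaris User
"""
EXEC_ATTR = """\
# name:policy:type:res1:res2:id:attr
Primary Administrator:suser:cmd:::*:uid=0;gid=0
Example Print Admin:suser:cmd:::/usr/sbin/lpadmin:euid=0
"""

def parse_attrs(field):
    """Split a 'k=v;k=v' attribute field into a dict."""
    return dict(kv.split("=", 1) for kv in field.split(";") if "=" in kv)

def records(text, nfields):
    """Yield colon-separated records, skipping comments and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(":", nfields - 1)
            if len(parts) == nfields:
                yield parts

def root_profiles(exec_attr):
    """Profiles that run *any* command (id '*') with uid or euid 0."""
    found = set()
    for name, _pol, _typ, _r1, _r2, cmd, attr in records(exec_attr, 7):
        a = parse_attrs(attr)
        if cmd == "*" and "0" in (a.get("uid"), a.get("euid")):
            found.add(name)
    return found

def audit(user_attr, exec_attr):
    """Map each non-role account to the root-granting profiles it holds."""
    risky, report = root_profiles(exec_attr), {}
    for user, _q, _r1, _r2, attr in records(user_attr, 5):
        a = parse_attrs(attr)
        profs = [p.strip() for p in a.get("profiles", "").split(",")]
        hits = sorted(risky.intersection(profs))
        # Roles are skipped: assuming a role still needs that role's password.
        if hits and a.get("type", "normal") != "role":
            report[user] = hits
    return report

if __name__ == "__main__":
    print(audit(USER_ATTR, EXEC_ATTR))
```

In the sample, bob can only reach root by assuming the root role with its password, and carol's profile is limited to one command, so only alice is reported.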
