On 07/30/10 03:49 PM, David Brodbeck wrote:
On Jul 30, 2010, at 3:31 PM, Scott Rotondo wrote:
Regarding the expansion of the attack surface, remember that
assuming the root role requires logging in to a user account first
and then providing the root password.
Well, yes and no. It's true that su requires the root password, and
sudo usually requires the password of the user account before running
commands with root privileges. pfexec does not require any password
entry at all, so an account that's allowed to exercise root
privileges via pfexec is, from a security standpoint, functionally
equivalent to another root account.
What you're describing is the effect of assigning the Primary
Administrator profile to users (so they can run any command as uid 0).
That's not something I would recommend from a security standpoint. You
certainly aren't required to do that in order to have the root account
as a role.
Scott
--
Scott Rotondo
Senior Principal Engineer, Solaris Core OS Engineering
President, Trusted Computing Group
Phone: +1 650 786 6309 (Internal x86309)
_______________________________________________
opensolaris-discuss mailing list
[email protected]
