With the caveat that I've never used ppriv (and never heard of it till just now), things look fine to me. I agree that in read_only, it's the case that it shouldn't be able to fork and exec. That might change if/when we add a scratch area, or we'll need a different flag than read_only for that situation. I've got no objections.
Brock

Dan Price wrote:
> I've prototyped an enhancement: the method script which launches the
> depot will now relinquish a substantial number of unneeded privileges.
> This is context-aware, dropping more privileges for depots running
> read-only.
>
> http://cr.opensolaris.org/~dp/pkg-priv/
>
> I'd like feedback on this idea. I've implemented it, it seems to work.
> Whether it's the right approach for the long term or whether it fits
> the "correct SMF way to do things"-- since we could specify privs via
> method contexts-- I'm not sure. I do think it will bolster our security
> in the short term.
>
> Stephen, Shawn & Brock I would like you to take a look.
>
> -dp
>
> _______________________________________________
> pkg-discuss mailing list
> [email protected]
> http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
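As an added illustration of the idea discussed above (the context-aware privilege drop in the method script, with fork/exec removed only for read-only depots), here is a method-script fragment built on ppriv(1). It is not the code from Dan's webrev; the pkg/readonly SMF property name, the /usr/lib/pkg.depotd path and the --readonly flag are assumptions.

```shell
# Added illustration, not the prototype from the webrev: a method-script
# fragment that trims the depot's privileges with ppriv(1) according to
# the depot's mode. Assumed: the SMF property is pkg/readonly, the daemon
# lives at /usr/lib/pkg.depotd, and it accepts a --readonly flag.

# Basic privileges a network daemon that never spawns children can shed.
# proc_fork and proc_exec are dropped only for read-only depots; a future
# scratch area may need them in read-write mode.
depot_priv_spec() {
    readonly_mode="$1"   # "true" or "false", as svcprop(1) prints it
    drop="proc_info,proc_session,file_link_any"
    if [ "$readonly_mode" = "true" ]; then
        drop="$drop,proc_fork,proc_exec"
    fi
    # Trim the Inheritable and Limit sets rather than the Effective set:
    # ppriv itself still needs proc_exec to exec the depot, and after the
    # exec the depot starts with E = P = I. With L trimmed as well,
    # setppriv(2) cannot hand the privileges back.
    printf 'IL-%s\n' "$drop"
}

# Replaces the bare "exec /usr/lib/pkg.depotd ..." of the method script.
depot_exec() {
    readonly_mode="$1"
    shift
    spec=$(depot_priv_spec "$readonly_mode")
    if [ "$readonly_mode" = "true" ]; then
        set -- --readonly "$@"
    fi
    exec /usr/bin/ppriv -e -s "$spec" /usr/lib/pkg.depotd "$@"
}

# In the method script:
#   readonly=$(svcprop -p pkg/readonly "$SMF_FMRI")
#   depot_exec "$readonly"
# Afterwards, from another shell, "ppriv $(pgrep -f pkg.depotd)" should
# show no proc_fork or proc_exec in any set for a read-only depot.
```

The same sets could instead be declared in the manifest's method_context, which is the alternative the thread raises.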
