Dan Price wrote:
> I've prototyped an enhancement: the method script which launches the
> depot will now relinquish a substantial number of unneeded privileges.
> This is context-aware, dropping more privileges for depots running
> read-only.
>
> http://cr.opensolaris.org/~dp/pkg-priv/
>
> I'd like feedback on this idea. I've implemented it, it seems to work.
> Whether it's the right approach for the long term or whether it fits
> the "correct SMF way to do things"-- since we could specify privs via
> method contexts-- I'm not sure. I do think it will bolster our security
> in the short term.
Given the need for a different set of privileges for a read_only vs.
read_write depotd, this is a good approach to the problem.
Your use of ppriv is correct.
The only change I would suggest is that you also remove the following
basic privs that a read_only depotd really shouldn't need:
file_link_any
proc_session
proc_info
--
Darren J Moffat
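The context-aware drop discussed in this thread, as an added shell sketch; it is not Dan's prototype or the pkg project's method script. The depotd path, the mode argument and the BASE_DROP placeholder are assumptions; the three read-only extras are the ones named in the reply.

```shell
#!/bin/sh
# Added example (not pkg(5)'s own method script): build a ppriv(1) spec
# for launching the depot and drop more privileges when it runs read-only.
# The page does not list what the prototype already drops in every mode,
# so BASE_DROP is a placeholder the operator fills in (assumption).
BASE_DROP="${BASE_DROP:-}"
# Basic privileges a read-only depotd should not need (from the review).
RO_EXTRA_DROP="file_link_any,proc_session,proc_info"
# Assumed depot binary location; not taken from the page.
DEPOTD=/usr/lib/pkg.depotd

# depot_priv_spec MODE: print a ppriv -s spec removing the chosen
# privileges from the effective, inheritable and permitted sets.
# Returns 1 when there is nothing to drop, so the caller can notice.
depot_priv_spec() {
    mode=$1
    drop=$BASE_DROP
    if [ "$mode" = "readonly" ]; then
        if [ -n "$drop" ]; then
            drop="$drop,$RO_EXTRA_DROP"
        else
            drop=$RO_EXTRA_DROP
        fi
    fi
    [ -n "$drop" ] || return 1
    printf 'EIP-%s\n' "$drop"
}

# launch_depot MODE [depotd args...]: exec the depot under the reduced
# privilege sets. Off Solaris (no ppriv) it only prints the command line.
launch_depot() {
    mode=$1
    shift
    spec=$(depot_priv_spec "$mode") || {
        echo "launch_depot: no privileges to drop for mode $mode" >&2
        return 1
    }
    if command -v ppriv >/dev/null 2>&1; then
        exec ppriv -s "$spec" -e "$DEPOTD" "$@"
    else
        printf 'would run: ppriv -s %s -e %s %s\n' "$spec" "$DEPOTD" "$*"
    fi
}
```

Run as `launch_depot readonly` from the read-only method script and `launch_depot readwrite` otherwise; the spec is checked with ppriv -v on the running process.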
_______________________________________________
pkg-discuss mailing list
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss