Bill Sommerfeld wrote:
> On Wed, 2008-08-27 at 17:03 -0700, Darren Reed wrote:
>> On 08/27/08 16:37, Bill Sommerfeld wrote:
>>> Unless I'm mistaken, the spec as written would allow *any* service
>>> administrator to inject essentially arbitrary rules into the global
>>> ipf.conf.
>
>> Given David's replies, do you still see that as being possible?
>
> The spec needs to make it clear that it is unsafe to delegate access to
> these properties.
>
> smf could probably use a mechanism to make it harder to screw up access
> to critical properties like this.

Yes, I'll include a section to detail delegation access to these properties. However, there's a general misperception that service admins can inject arbitrary rules that I'd like to clarify.

Each service has a static definition property group and a firewall policy property group. Service admins can only modify the firewall policy, which the framework will use in conjunction with the static information (service port and protocol) to generate rules. Thus, the services' rules are not supposed to conflict unless we have an incorrect static definition.

The only non-framework generated or customized rules that can be delivered are those by service developers by way of ipf_method scripts. These ipf_method scripts are defined in the static definition and thus aren't subject to actions by service admins.

Thanks,
tony
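
The separation described in the reply above, sketched as an added example (not code from this thread or from the spec): port and protocol come only from the developer-delivered static definition, and the admin-set policy is validated before it reaches a rule. The key names (`mode`, `sources`, `port`, `protocol`), the three policy modes and the emitted rule shape are assumptions made for illustration.

```python
import ipaddress

# Hypothetical simplification: these names are illustrative, not the spec's properties.
ALLOWED_MODES = {"allow", "deny", "none"}
ALLOWED_PROTOCOLS = {"tcp", "udp"}

# Constructed sample of a developer-delivered static definition.
SAMPLE_STATIC = {"port": 22, "protocol": "tcp"}


def generate_rules(static_def, policy):
    """Build ipf-style rules from a static definition plus an admin policy.

    Only 'mode' and 'sources' are read from the policy, so an admin who can
    write the policy property group cannot change the port or protocol.
    """
    protocol = static_def["protocol"]
    port = int(static_def["port"])
    if protocol not in ALLOWED_PROTOCOLS or not 0 < port < 65536:
        raise ValueError("invalid static definition")

    mode = policy.get("mode")
    if mode not in ALLOWED_MODES:
        raise ValueError(f"unsupported policy mode: {mode!r}")
    if mode == "none":
        return []  # no service-specific rules are generated

    action = "pass" if mode == "allow" else "block"
    rules = []
    for source in policy.get("sources") or ["any"]:
        if source != "any":
            # Accept only an IPv4 address or prefix. Free text, including
            # embedded newlines or rule keywords, raises ValueError here.
            source = str(ipaddress.IPv4Network(source, strict=False))
        rules.append(
            f"{action} in quick proto {protocol} from {source} to any port = {port}"
        )
    return rules


if __name__ == "__main__":
    for rule in generate_rules(SAMPLE_STATIC, {"mode": "allow",
                                               "sources": ["192.168.1.5/24"]}):
        print(rule)
    try:
        generate_rules(SAMPLE_STATIC, {"mode": "allow",
                                       "sources": ["10.0.0.0/8\npass in quick all"]})
    except ValueError as err:
        print("rejected:", err)
```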