> > > can gain DTRACE_PROC privilege by creating a new user account, uid == 0,
> > > via /etc and logging in over ssh.
> >
> > I think the reason is this: if you want to run with least privilege then
> > you also want to run as not-root.
>
> That's not the case for the majority of the daemons on Solaris, though.

And we all know that there's still work to do throughout Sun to realize the principle of least privilege. If you have some specific services in mind, consider setting a method context for them with uid noaccess and privs=none.

Gary..