On Thu, Apr 10, 2008 at 05:48:29PM -0700, Gary Winiger wrote:
> > > > can gain DTRACE_PROC privilege by creating a new user account, uid == 0,
> > > > via /etc and logging in over ssh.
> > >
> > > I think the reason is this: if you want to run with least privilege then
> > > you also want to run as not-root.
> >
> > That's not the case for the majority of the daemons on Solaris, though.
>
> And we all know that there's still work to do throughout Sun
> to realize the principle of least privilege. If you have some
> specific services in mind, consider setting a method context
> for them with uid noaccess and privs=none.

Sorry but I'm still not getting it. "We need to do more least privilege
work in Solaris" doesn't explain "the design allows this escape hatch".

What's the *purpose* of this escape hatch? (I'm guessing it's related to
uid==0 compatibility, but I'm not quite seeing it right now.)

cheers
john