Quoth Keith M Wesolowski on Wed, Mar 21, 2007 at 08:51:06AM -0700:
> On Tue, Mar 20, 2007 at 09:52:53PM -0700, David Bustos wrote:
> > - Is it too pedantic to worry about applications or users who are
> >   already using properties named "read_authorization"?
>
> I think so. I'm not aware of any service using this property, and the
> similarity of its name to existing reserved names should have
> discouraged anyone from doing so. It would have been better to have
> reserved a part of the property namespace, but this was not done.

Would it be wise to reserve all properties suffixed with _authorization?
(Not that you have to in this case.)

> > 2.1.2. svc.configd(1M) RPC changes
...
> > - Shouldn't the read_authorization property itself be world-readable
> >   so that software can determine whether permission was denied because
> >   of it? Similarly for action_, modify_, and value_authorization.
>
> No. Knowledge of the authorization required to perform an action is
> potentially valuable information. Attacking a system is not an
> adventure game; we don't say "you need the blue key to open this
> door" to encourage the player to go find the right one.

Isn't hiding the weak spot rather than fixing it also known as "security
through obscurity"? Won't this build a usability barrier and potentially
a security risk into the system by requiring users to acquire more
privilege than may be necessary in order to accomplish the task?

...
> > 2.3. svcprop(1) changes
> >
> > "the present behaviour...": I think you should clarify this, since
> > svcprop displays different things for a property with no values and
> > a property with a single value which is the empty string.
>
> The change I made here was at gww's recommendation. I too felt the
> original language was clearer. Do either of you have suggestions for
> alternate language?

I think the parenthetic expression should be removed.

David