Nicolas Williams wrote:
On Fri, May 29, 2009 at 11:33:01AM -0500, Shawn Walker wrote:
RBAC offers a lot of functionality, but without pfexec using password
authentication, I don't think it is the best fit as used here.
Arguably, RBAC and the use of roles offers better security than sudo
depending on the setup you use. (I'm speaking only of role-based
authentication here, not pfexec.)
RBAC is better than SUDO, IMO, because it can be used from contexts
where SUDO can't be, such as IPC services. (For example, SMF itself,
where svc.configd authorizes the requests it gets by checking the
RBAC authorizations of the caller's euid.)
However, the lack of a password prompt and convenience "ticketing"
feature like SUDO's does hurt RBAC.
I agree. RBAC is cool technology and it solves real problems.
However, the problem here is that the default OpenSolaris user gets to
execute with root privileges without password authentication.
These two bugs were filed to address this security problem.
http://defect.opensolaris.org/bz/show_bug.cgi?id=1945
http://defect.opensolaris.org/bz/show_bug.cgi?id=4885
Let's make sure these bugs get attention.
Hopefully, we can fix this in a way that doesn't invalidate the
countless tutorials and blog posts that instruct users to issue commands
like "pfexec pkg install SUNWcheese".
Haik
_______________________________________________
indiana-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
