> I completely agree, imagine a scenario where an opensource project
> repository has been compromised, and the Makefile for example changes some
> files in /etc with "pfexec" and the user would never even notice it.

The problem is you're running an untrusted script. A malicious unprivileged script can still use any number of tricks to get you to elevate its privileges, or give it information it needs. A simple example is moving the payload to the install: section of the Makefile.

Make would need to be running inside some sort of sandbox in order to protect you from yourself. Or, sudo/pfexec would need to be run in some sort of UI sandbox to protect the rest of the system from you, things pretending to be you, or things pretending to be sudo. UAC for Solaris, or CTRL+ALT+DEL to enter a secure terminal for any password entry, as in Win NT? Last one doesn't sound that bad, IMO.

Or, you could just give users exactly the privs they need, and assume they will always have them, neatly avoiding the secure UI issue. I hope Solaris stays this path but that the 'exact privs', and UI for further elevation are figured out.

That's how I see it anyway.

Regards,
Steve

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Lurie
Sent: Monday, June 08, 2009 8:57 AM
To: [email protected]
Subject: Re: [indiana-discuss] pfexec?

> All the certifications in the world do no good if the security system
> is configured to hand out root privileges lightly.

I completely agree, imagine a scenario where an opensource project repository has been compromised, and the Makefile for example changes some files in /etc with "pfexec" and the user would never even notice it.

As cool as RBAC may be, considering that the default privilege for the main user upon installation in OpenSolaris 2009.06 (and previous versions) is "Primary Administrator" it essentially makes it the same as running Windows with Administrator privileges...

--
This message posted from opensolaris.org
_______________________________________________
indiana-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
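Added example, not part of the original thread: a check for the default described above, listing accounts whose user_attr(4) entry assigns the "Primary Administrator" profile. The sample entries and the function names are constructed for illustration; on a real system the input would be the contents of /etc/user_attr.

```python
# Profiles treated as root-equivalent. "Primary Administrator" is the one the
# thread names; widening this set is a local policy decision (assumption).
BROAD_PROFILES = {"Primary Administrator"}

# Constructed sample in user_attr(4) layout: user:qualifier:res1:res2:attr
SAMPLE_USER_ATTR = """\
# constructed sample, not taken from a real system
root::::auths=solaris.*,solaris.grant;profiles=All
jack::::profiles=Primary Administrator;roles=root
build::::type=normal;profiles=Software Installation,Basic Solaris User
ops::::profiles=Media Backup, Primary Administrator
broken line without enough fields
"""


def parse_user_attr(text):
    """Return {user: {key: [values]}} for each well-formed entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5 or not fields[0]:
            continue  # malformed entry: skip rather than guess
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:  # attribute values are comma-separated lists
                attrs[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
        entries[fields[0]] = attrs
    return entries


def broad_profile_users(text, broad=BROAD_PROFILES):
    """Map each user to the root-equivalent profiles assigned to them."""
    findings = {}
    for user, attrs in parse_user_attr(text).items():
        hits = [p for p in attrs.get("profiles", []) if p in broad]
        if hits:
            findings[user] = hits
    return findings


if __name__ == "__main__":
    for user, profiles in sorted(broad_profile_users(SAMPLE_USER_ATTR).items()):
        print(f"{user}: {', '.join(profiles)}")
```

Any account this reports can have its pfexec calls run with full privilege and no prompt, which is the exposure the thread is concerned with.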
