On Mon, 25 Sep 2006 16:16:00 -0400 James Carlson wrote: > > maybe for now pf should trump all builtins but the ones already allowed > > whether by /usr/ast/bin or not
> That'd be the least problematic answer. > > is this a restriction issue? is a user knowingly executing an explicit > > builtin > > a violation (as in a restricted shell sense)? > It could be. RBAC does have the ability to revoke privileges. ok I think it would be possible for us to configure a pfksh93 that allows only a predefined set of builtins (matching those already allowed) and no runtime builtin additions are there tests to verify proper pfsh and/or pfksh operation? proprietary tests are ok, we'd just need to know pass/fail with some hints on the failure modes -- Glenn Fowler -- AT&T Research, Florham Park NJ --
