On Wed, 27 Sep 2006 16:50:31 +0100 Darren J Moffat wrote: > Joerg Barfurth wrote: > > One way to fix this would be to place the ksh93 versions of the builtins > > into the file system (e.g. as /usr/ast/bin/chmod) and have pfksh93 > > pfexec that. Unfortunately that also requires all pertinent profiles to > > be updated to specify the /usr/ast/bin/* version as well, whenever it > > has one of the corresponding /usr/bin/* commands.
> I'm not really comfortable with that. Yes it would work but it exposes > a lot of ksh93 implementation details into the RBAC profile system. how about we get to a point where we think we have done everything possible to pfksh93 before seeping into profile changes progress is being made on security-discuss -- Glenn Fowler -- AT&T Research, Florham Park NJ --
