Gary Winiger wrote: >> Amendment 1: >> >> The pconsole-bin binary requires elevated privilege to be useful. We >> request to move the binary from the originally stated /usr/bin to >> /usr/sbin, in line with where other binaries requiring privilege >> usually exist. >> >> Amendment 2: >> >> A new execution profile and attribute will be defined. The specific >> RBAC additions are: >> >> /etc/security/prof_attr: >> Parallel Console Access:::Connect to remote consoles with pconsole: >> >> /etc/security/exec_attr: >> Parallel Console Access:suser:cmd:::/usr/sbin/pconsole-bin:euid=0 >> > ^^^^^ ^^^^^^ > This is fine for S7-S9, but not for S10 forward. > exec_attr(4): > policy The security policy that is associated with the > profile entry. The valid policies are suser (stan- > dard Solaris superuser) and solaris. The solaris > policy recognizes privileges (see privileges(5)); > the suser policy does not. > > The solaris and suser policies can coexist in the > same exec_attr database, so that Solaris releases > prior to the current release can use the suser > policy and the current Solaris release can use a > solaris policy. solaris is a superset of suser; it > allows you to specify privileges in addition to > UIDs. Policies that are specific to the current > release of Solaris or that contain privileges > should use solaris. Policies that use UIDs only or > that are not specific to the current Solaris > release should use suser. > > What are the elevated privileges and why are they required? > Just those privileges should be specified in the privs= attribute. > Why is there a need to specify a uid? > I guess that since I filed the bug that caused these amendments to be filed, I will chime in.
pconsole appear to do the typical seteuid(getuid()) at startup, then elevates it's euid when it needs to to use ioctl(c->fd, TIOCSTI, &kar). TIOCSTI appears to require elevated privilege. streamio.c appears to do the auth checking in the kernel using secpolicy_sti(), which equates to* return* (secpolicy_require_set <http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/os/policy.c#secpolicy_require_set>(cr <http://src.opensolaris.org/source/s?defs=cr&project=/onnv>, PRIV_FULLSET <http://src.opensolaris.org/source/s?defs=PRIV_FULLSET&project=/onnv>, NULL <http://src.opensolaris.org/source/s?defs=NULL&project=/onnv>)); It looks like euid=0 is the smallest hammer that we have to get you there, but if you have a smaller hammer than euid=0 that gets you there, than that would be the appropriate thing to do. -Norm
