Darren, Have your issues be sufficiently addressed?
Thanks, John Lin Ma wrote: > Hi Darren, > > Darren J Moffat wrote: >> Section 4.11 Security Impact >> >> The interaction between "Primary Administrator" and "Console User" >> RBAC profiles is unfortunate. This basically says to me that this >> doesn't actually work in a useful way given how OpenSolaris system >> initial user having having "Primary Administrator". In my opinion >> that is a bad config but it wasn't one the ARC was asked to review nor >> it it for this case to fix (I believe the issue is being discussed >> elsewhere though). IIRC it was done before "Console User" existed. > Agree. > >> However the particular problem it causes 6749728 seems to be in scope >> for this case to resolve though and I think to approve this >> architecture it needs to be solved, or this case needs to be dependent >> on a case (or some other commitment) that we stop assigning "Primary >> Administrator" to the default user account. The workaround of >> modifying the "Primary Administrator" profile isn't acceptable and >> will actually cause different problems. > I personally prefer the later, make this case depend on a case like > "stop assigning 'Primary Administrator'", because gnome applications can > obtain root privileges easier with that profile. It isn't good. However > it looks like a long-term goal. So I think I should try to fix 6749728. > > My request is 6749728 is very complex, I hope I can get approval and > integrate Brasero first and fix that bug later. I will remove the > workaround from this case, update it like: > --------------- > > A not Privilege Awareness(NPA) command excuted by the user (who has > 'Primary Administrator' profile) with gksu(1) will be matched > the line: > > Primary Administrator:suser:cmd:::*:uid=0;gid=0 > > which will become a root process. This causes issue found in > CR#6749728 eject function doesn't work. > > --------------- > Is it OK? >> >> Please do not document the advice that the "Desktop CD User" be >> modified by an end system admin. Instead document that they should >> create their own profile and assign that to users instead. The >> reasons for this is that we do not have a good upgrade story for what >> happens when the system admin modifies profiles we deliver - it is >> made worse by the current lack of any upgrade of these in OpenSolaris >> IPS based systems - and is further complicated by the fact that the >> entries could be in a remote nameservice. > OK, I will document that "If system admin wants give users who do not > have 'Console User' profile the ability to use Brasero, he need to > create a new profile to the users and assign a proper privileges to > Brasero in that profile." Is it OK? > >> On the naming the "Desktop CD User" profile name should probably be >> CD/DVD/BlueRay which makes me thing it really should be "Desktop >> Removable Media User" > While I'm not a native speaker, so I will always agree on the name changes. > > lin
