All,
Attached is the updated proposal which is also archived (diff below).
The modification is to remove the Primary Administrator rights from
the user at install time.
Thanks,
John
*** proposal.txt.orig Thu Feb 25 08:53:52 2010
--- proposal.txt Fri Feb 26 13:52:00 2010
***************
*** 13,19 ****
2.1. Project Description:
Updates Users screen of Solaris GUI installer.
! The proposed updates are in response to Bug 1436 [1].
4. Technical Description:
4.1. Details:
--- 13,19 ----
2.1. Project Description:
Updates Users screen of Solaris GUI installer.
! The proposed updates are in response to Bug 1436 [1] and 4885 [4]
4. Technical Description:
4.1. Details:
***************
*** 25,30 ****
--- 25,33 ----
- Entry of users login name and password is now mandatory.
- Default root password is set to initial login password specified
here.
+ This case also implement the removal or Primary Administrator
privileges for
+ the initial user created. See [4]
+
4.2. Interfaces:
Exported Interfaces Stability Comments
***************
*** 59,61 ****
--- 62,66 ----
[3] UIRB/2007/264 Dwarf Caiman UIRB Review Materials
http://sac.sfbay/Archives/CaseLog/rb/UIRB/2007/264/
+ [4] User created by installer gets unsafe profile "Primary
Administrator"
+ http://defect.opensolaris.org/bz/show_bug.cgi?id=4885
On 02/26/10 01:44 AM, Casper.Dik at Sun.COM wrote:
>
>> Since this case makes it mandatory that root is a role, it should also
>> make it mandatory to assume the root role in order to get a root shell.
>> The current behavior, whereby the user can get a root shell by typing
>> "pfexec bash" is a serious security flaw, and is inconsistent with the
>> RBAC implementation in Solaris. For example, such a sequence could be
>> embedded in any script which the user might execute, thereby becoming
>> root without the user's intent.
>>
>> So I agree with Darren that this case is incomplete, unless it also
>> undoes the assignment of the Primary Administrator rights profile to the
>> initial user. IMHO, it would never have been approved if it had been
>> requested through the ARC process.
>
> Indeed; the new implementation of "in-kernel pfexec" makes this
> very clear; a user with a "Primary Administrator" as their profile,
> will get a "root" prompt when executing a pf*sh*. (That's because
> the in-kernel pfexec executes a profile shell as if it is executed
> by pfexec)
>
> Casper
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: proposal.txt
URL:
<http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20100226/771ec8a9/attachment.txt>
