On Thu, 2006-01-26 at 10:41, Joerg Schilling wrote: > I heard that the next Trusted Solaris implementation will only add a few > things > to Solaris 10. Does this mean that it will use the current open privs > implementation?
It most certainly will be using the current OpenSolaris privileges implementation. It will add a few more privileges to the set. It does not use any extended file attributes. Nit on terminology, the next version is called "Trusted Extensions for Solaris". Why ? because it isn't a separate OS install it is an add on to Solaris 10. It uses the kernel implementation of Zones to provide MAC labeling. > No, the problem is that Linux e.g. implements an interface that forces star > to know more about the content than I like. > > If the interface would be defined the right way, then star would not need this > special OS dependent know how. By the interface do you mean the syscalls that star needs to use to get the data and how the names of the data and its content is presented to you ? I don't like our openat(2) interface that much I think the MacOS X one is nicer. However I think you have more experience here to know what is more suitable for archival programs. > > > > Well, I really like fine grained privs and I like to start avoiding > > > suid-root > > > programs where ever possible. > > > > The whole point of the privilege bracketing is that it is making > > setuid safe. The use of setuid attribute on the file is just a > > Let us say "safer". For course the missing "r" was a typo. -- Darren J Moffat _______________________________________________ opensolaris-code mailing list [email protected] https://opensolaris.org:444/mailman/listinfo/opensolaris-code
