On Fri, Jul 30, 2010 at 03:49:57PM -0700, David Brodbeck wrote: > > On Jul 30, 2010, at 3:31 PM, Scott Rotondo wrote: > > Regarding the expansion of the attack surface, remember that assuming the > > root role requires logging in to a user account first and then providing > > the root password. > > Well, yes and no. It's true that su requires the root password, and sudo > usually requires the password of the user account before running commands > with root privileges. pfexec does not require any password entry at all, so > an account that's allowed to exercise root privileges via pfexec is, from a > security standpoint, functionally equivalent to another root account.
No, an account that has to either use su or pfexec to acquire root privs is not functionally the same as a root user account. Let's assume there are several people that require root privs to do their job. With a root user account any of them could login as root and audit records would not be able to identify which of those people did what as root. With RBAC and root as a role and each admin having their own account, audit records would show who became root and what commands they executed as root. Accountability is definitely enhanced with root as a role. -- Will Fiveash Oracle Note my new work e-mail address: will.five...@oracle.com http://opensolaris.org/os/project/kerberos/ Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/ _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
