I'm reopening this case as a fast track, as requested by the project
team. The timer is set for 03/05/2010. Note: this project is not
integrated yet.
I have saved the new spec as spec.txt in the case directory. Compared
with the previous case spec, the following changes were made:
1. The
Template Version: @(#)sac_nextcase 1.69 02/15/10 SMI
This information is Copyright 2010 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
RBAC update: user attrs from profiles
1.2. Name of Document Author/Supplier:
Author: Casper Dik
1.3 Date of
Since this case makes it mandatory that root is a role, it should also
make it mandatory to assume the root role in order to get a root shell.
The current behavior, whereby the user can get a root shell by typing
pfexec bash is a serious security flaw, and is inconsistent with the
RBAC
On 26/02/2010 09:35, Casper Dik wrote:
Template Version: @(#)sac_nextcase 1.69 02/15/10 SMI
This information is Copyright 2010 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
RBAC update: user attrs from profiles
1.2. Name of Document Author/Supplier:
Why just those two ? In general other than type I think all of the
user_attr(4) keywords should be applicable in prof_attr (I wouldn't
object to type being able to be specified in prof_attr though).
In particular: roles, project, lock_after_retries but all the others
too. For me project
On 26/02/2010 10:29, Casper.Dik at Sun.COM wrote:
Why just those two ? In general other than type I think all of the
user_attr(4) keywords should be applicable in prof_attr (I wouldn't
object to type being able to be specified in prof_attr though).
In particular: roles, project,
I'm submitting this fast-track for Venugopal Iyer. The release binding
is Patch, but this case depends on the following other cases:
PSARC/2009/364 dlstat and flowstat
PSARC/2009/448 pool dladm link property
PSARC/2009/501 Dynamic Ring Grouping on NICs
This case makes modifications to the
-arc/attachments/20100226/771ec8a9/attachment.txt