"Fredrich Maney" <[EMAIL PROTECTED]> wrote:
> This is no more of a security hole than giving the root password to
> the system administrator or allowing them to boot from alternative
> media. It is a procedural exposure at best, not a technical one. At
> some point, you simply have to trust the ad
On Tue, Jul 15, 2008 at 4:18 AM, Joerg Schilling
<[EMAIL PROTECTED]> wrote:
> "Moinak Ghosh" <[EMAIL PROTECTED]> wrote:
>
>> > Profiles are data base entries for pfexec and tell pfexec how to set up
>> > privs
>> > for specific programs. I know of no eay to disable a profile for specific
>> > prog
"Moinak Ghosh" <[EMAIL PROTECTED]> wrote:
> > Profiles are data base entries for pfexec and tell pfexec how to set up
> > privs
> > for specific programs. I know of no eay to disable a profile for specific
> > program families.
> >
> > You could clear the privilege PRIV_PROC_SETID to make pfexec
On Tue, Jul 15, 2008 at 12:34 AM, Joerg Schilling
<[EMAIL PROTECTED]> wrote:
> "Moinak Ghosh" <[EMAIL PROTECTED]> wrote:
>
>> >> >insecure applications like firefox into /etc/security/exec_attr
>> >> >that takes away this to be defined PRIV_PROC_PFEXEC privilege
>> >> >from
"Moinak Ghosh" <[EMAIL PROTECTED]> wrote:
> >> >insecure applications like firefox into /etc/security/exec_attr
> >> >that takes away this to be defined PRIV_PROC_PFEXEC privilege
> >> >from these applications.
> >>
> >>This is a good point but I do not think that a new
On Mon, Jul 14, 2008 at 10:52 PM, Joerg Schilling
<[EMAIL PROTECTED]> wrote:
> "Moinak Ghosh" <[EMAIL PROTECTED]> wrote:
>
>> > - Add a new privileges(5) privilege that allows to disallow to use
>> >pfexec.
>> >
>> >This would be needed in order prevent unwanted use of pfexec
"Moinak Ghosh" <[EMAIL PROTECTED]> wrote:
> > - Add a new privileges(5) privilege that allows to disallow to use
> >pfexec.
> >
> >This would be needed in order prevent unwanted use of pfexec from
> >privileged accounts. I recommend to add an entry for exposed or
> >
On Mon, Jul 14, 2008 at 8:40 PM, Joerg Schilling
<[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (Joerg Schilling) wrote:
>
> As there is nothing like OpenSolaris Architecture Design, I take this list
>
>
>> James Carlson <[EMAIL PROTECTED]> wrote:
>>
>> > Doing this should fix the problem:
>> >
[EMAIL PROTECTED] (Joerg Schilling) wrote:
As there is nothing like OpenSolaris Architecture Design, I take this list
> James Carlson <[EMAIL PROTECTED]> wrote:
>
> > Doing this should fix the problem:
> >
> > % pfexec pkg install SUNWscp
>
> BTW: I am still interested in an answer for the
"john g4lt" <[EMAIL PROTECTED]> wrote:
> > There is a degradation of security if you use a pf*sh shell and as the
>
> The only security degradation is one of Social Engineering, that is,
> SOMEONE gave the user more privileges than they should have been
> trusted with. Net lesson here, UNIX gives
On Wed, Jul 9, 2008 at 4:46 AM, Joerg Schilling
<[EMAIL PROTECTED]> wrote:
> "john g4lt" <[EMAIL PROTECTED]> wrote:
>
>> Why would you use pfsh as a shell, it's horribly limited. If one sets
>> pfsh as their $SHELL, it's pretty much intentional that all commands
>> are run with elevated privileges
"john g4lt" <[EMAIL PROTECTED]> wrote:
> Why would you use pfsh as a shell, it's horribly limited. If one sets
> pfsh as their $SHELL, it's pretty much intentional that all commands
> are run with elevated privileges, assuming that the user has the
> capability to run with them, so any elevated p
On Tue, Jul 8, 2008 at 2:32 AM, Joerg Schilling
<[EMAIL PROTECTED]> wrote:
> James Carlson <[EMAIL PROTECTED]> wrote:
>
>> Doing this should fix the problem:
>>
>> % pfexec pkg install SUNWscp
>
> BTW: I am still interested in an answer for the pfexec usage
>
> If you like to propagate the ma
Hi Joerg,
On Tue, Jul 08, 2008 at 10:32:03AM +0200, Joerg Schilling wrote:
> James Carlson <[EMAIL PROTECTED]> wrote:
>
> > Doing this should fix the problem:
> >
> > % pfexec pkg install SUNWscp
>
> BTW: I am still interested in an answer for the pfexec usage
>
> If you like to
James Carlson <[EMAIL PROTECTED]> wrote:
> Doing this should fix the problem:
>
> % pfexec pkg install SUNWscp
BTW: I am still interested in an answer for the pfexec usage
If you like to propagate the manual use of pfexec, you would need to
make the pf*sh shells outdated.
People who have
15 matches
Mail list logo