[repost - it bounced yesterday]

Chris Josephes wrote:
>> To be serious, yes things could be done a bit differently but this
>> solution requires the least architectural review and meets user needs
>> without being too complicated.
>
> How does this change affect or add time to the architectural review? Would it make sense for me to submit a proposal for a future release?
>
> I'm not trying to be critical, but here's the problem that I have.
>
> Back in 2005, Glenn Burnette wrote a Sun Blueprints paper discussing the practice of limiting privileges in Apache (or other services) and the advantages of Solaris security compared to other platforms.
>
> http://www.sun.com/blueprints/0505/819-2680.pdf
>
> So it's a little disappointing when I see one or two Coolstack applications that don't even adhere to conventions that were set forth years ago.

If Sun had developed new applications that ignored/violated conventions, that would indeed be a matter for concern. But importing third-party applications NOT developed to those guidelines seems to me a different matter. You're asking for a retro-fit! Indeed, where these are cross-platform applications, Solaris-specific attributes such as privileges may necessarily be N/A.

But having said that, there is now a mod_privileges for Apache, that makes it privileges-aware (although it is only available in a limited range of deployments - most importantly with PHP applications).

--
Nick Kew
