[indiana-discuss] pfexec?
Haik Aftandilian
Haik.Aftandilian at Sun.COM
Mon Jun 8 10:53:14 PDT 2009
Nicolas Williams wrote:
> On Fri, May 29, 2009 at 11:33:01AM -0500, Shawn Walker wrote:
>>> RBAC offers a lot of functionality, but without pfexec using password
>>> authentication, I don't think it is the best fit as used here.
>> Arguably, RBAC and the use of roles offers better security than sudo
>> depending on the setup you use. (I'm speaking only of role-based
>> authentication here, not pfexec.)
>
> RBAC is better than SUDO, IMO, because it can be used from contexts
> where SUDO can't be, such as IPC services. (For example, SMF itself,
> where svc.configd authorizes the requests it gets by checking the
> RBAC authorizations of the caller's euid.)
>
> However, the lack of a password prompt and convenience "ticketing"
> feature like SUDO's does hurt RBAC.
I agree. RBAC is cool technology and it solves real problems.
However, the problem here is that the default OpenSolaris user gets to
execute with root privileges without password authentication.
These two bugs were filed to address this security problem.
http://defect.opensolaris.org/bz/show_bug.cgi?id=1945
http://defect.opensolaris.org/bz/show_bug.cgi?id=4885
Let's make sure these bugs get attention.
Hopefully, we can fix this in a way that doesn't invalidate the
countless tutorials and blog posts that instruct users to issue commands
like "pfexec pkg install SUNWcheese".
Haik
More information about the indiana-discuss
mailing list