[indiana-discuss] pfexec?

Steve Jones sjones at netspend.com
Mon Jun 8 21:15:56 PDT 2009


> I completely agree, imagine a scenario where an opensource project
> repository has been compromised, and the Makefile for example changes
> some files in /etc with "pfexec" and the user would never even notice it.

The problem is you're running an untrusted script.  A malicious
unprivileged script can still use any number of tricks to get you to
elevate its privileges, or give it information it needs.  A simple
example is moving the payload to the install: section of the Makefile.
Make would need to be running inside some sort of sandbox in order to
protect you from yourself.

Or, sudo/pfexec would need to be run in some sort of UI sandbox to
protect the rest of the system from you, things pretending to be you, or
things pretending to be sudo.  UAC for Solaris, or CTRL+ALT+DEL to enter
a secure terminal for any password entry, as in Win NT?  Last one
doesn't sound that bad, IMO.

Or, you could just give users exactly the privs they need, and assume
they will always have them, neatly avoiding the secure UI issue.  I hope
Solaris stays this path but that the 'exact privs', and UI for further
elevation are figured out.

That's how I see it anyway.

Regards,
Steve


-----Original Message-----
From: indiana-discuss-bounces at opensolaris.org
[mailto:indiana-discuss-bounces at opensolaris.org] On Behalf Of Lurie
Sent: Monday, June 08, 2009 8:57 AM
To: indiana-discuss at opensolaris.org
Subject: Re: [indiana-discuss] pfexec?

> All the certifications in the world do no good if the
> security system  
> is configured to hand out root privileges lightly.

I completely agree, imagine a scenario where an opensource project
repository has been compromised, and the Makefile for example changes
some files in /etc with "pfexec" and the user would never even notice
it. As cool as RBAC may be, considering that the default privilege for
the main user upon installation in OpenSolaris 2009.06 (and previous
versions) is "Primary Administrator" it essentially makes it the same as
running Windows with Administrator privileges...
-- 
This message posted from opensolaris.org
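
Added example, not part of either message and not OpenSolaris project code: a pre-build check for the two conditions the thread describes, an account holding the "Primary Administrator" profile and build files that call pfexec or sudo. The function names and sample data are assumptions made for illustration; the parser assumes the standard user_attr(4) line layout.

```shell
#!/bin/sh
# Added example: names and sample data are illustrative assumptions.

# Print users whose user_attr(4) line grants "Primary Administrator".
# Line format: user:qualifier:res1:res2:attr, where attr is a
# ;-separated key=value list and profiles= holds a ,-separated list.
primary_admins() {
    awk -F: '
        /^#/ || NF < 5 { next }
        {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] !~ /^profiles=/) continue
                sub(/^profiles=/, "", kv[i])
                m = split(kv[i], p, ",")
                for (j = 1; j <= m; j++)
                    if (p[j] == "Primary Administrator") { print $1; break }
            }
        }' "$1"
}

# List build-file lines that call pfexec or sudo, as file:line:text.
# Hits need review before building. An empty result does not make the
# tree trusted: a payload can sit in a target that is later run
# elevated (the install: case from the thread).
elevation_calls() {
    find "$1" -type f \( -name 'Makefile*' -o -name '*.mk' \
            -o -name 'configure' -o -name '*.sh' \) \
        -exec grep -nE '(^|[^[:alnum:]_-])(pfexec|sudo)([[:space:]]|$)' \
            /dev/null {} + | sort
}

# Demo on constructed data (not from a real system).
demo=$(mktemp -d)
printf '%s\n' 'jack::::profiles=Primary Administrator;roles=root' \
    'bob::::profiles=Basic Solaris User' > "$demo/user_attr"
printf 'all:\n\tcc -o app app.c\ninstall:\n\tpfexec cp app.conf /etc/app.conf\n' \
    > "$demo/Makefile"
primary_admins "$demo/user_attr"
elevation_calls "$demo"
rm -rf "$demo"
```

On a real system the first function would be pointed at /etc/user_attr and the second at the unpacked source tree before running make.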