In-kernel pfexec implementation. [PSARC/2009/377 FastTrack timeout 07/10/2009]
Nicolas Williams
Nicolas.Williams at sun.com
Sun Jul 5 04:37:18 PDT 2009
On Fri, Jul 03, 2009 at 05:43:38AM -0700, Casper Dik wrote:
> Additionally, this project will deliver "Forced Privileges" through
> the exec_attr database:
>
> - Unsafe privileges are not required to execute ping, traceroute,
> etc. (If an executable is set-uid root, then the kernel
> will look up the Forced Privileges for that executable.)
> - Set-uid applications in that list will not start as root;
> instead they run with the appropriate privileges.
It's not clear if you meant that there's a new interface for specifying
"Forced Privileges".
Are you saying that there's now a way to separately specify privileges
to "force" on exec() beyond what the process has in its limit set, or
that the kernel grants less than "full privilege" (currently euid == 0 +
oE = oP = L) to processes exec()ing set-uid programs for which there
exist exec_attr(4) entries?
If the former, then I'd expect there should be more details. If the
latter, then does that apply regardless of whether PRIV_PFEXEC is set?
Nico