In-kernel pfexec implementation. [PSARC/2009/377 FastTrack timeout 07/10/2009]
Darren J Moffat
Darren.Moffat at sun.com
Tue Jul 7 11:33:14 PDT 2009
Joerg Schilling wrote:
> Casper.Dik at sun.com wrote:
>
>>
>>> If you call this a bug, when will the documentation (best practice) bug from
>>> Indiana be fixed that is based on manually calling pfexec?
>> I don't see a relation between the two. I'm not responsible for abuse of
>> pfexec; we could remove pfexec with this case but I have decided not to do
>> that.
>
> Then let me try to start the discussion in a different way.
>
> If you believe that implementing a way to switch the pfexec state in a shell
> on/off while the shell is running, then the whole pfexec concept contains a bug.
>
> This may very easily be verified:
>
> You can always call one of the /bin/pf*sh* and get the pfexec feature enabled
> and you could terminate this shell whenever you like.
>
> So implementing a way to switch on/off the pfexec feature in a running shell
> just does the same in a more convenient way.
Please take this discussion to security-discuss at opensolaris.org; it is
not relevant to this case.
--
Darren J Moffat