On 05/23/11 16:54, Ken Gunderson wrote:
> On Mon, 2011-05-23 at 23:29 +0200, Jeppe Toustrup wrote:
>> The change was made upstream. See this bug report which discusses the change:
>> https://defect.opensolaris.org/bz/show_bug.cgi?id=4885
> 
> And here I used to think Dave was a smart guy.... let's bork Solaris's
> superior RBAC model so we can make it more like one of the lamest (at
> least w.r.t. seasoned users) Linux distros out there.  Damn fine
> analysis there....;-{

The way RBAC was configured by the opensolaris installer was flagrantly
insecure (automatically granting any process running with the uid of the
initial user account the ability to exec arbitrary commands as uid 0
with all privileges).

The upstream change closes a serious security hole.

                                                - Bill


_______________________________________________
OpenIndiana-discuss mailing list
http://openindiana.org/mailman/listinfo/openindiana-discuss