On Mon, 2011-05-23 at 17:03 -0700, Bill Sommerfeld wrote:
> On 05/23/11 16:54, Ken Gunderson wrote:
> > On Mon, 2011-05-23 at 23:29 +0200, Jeppe Toustrup wrote:
> >> The change was made upstream. See this bug report which discusses the
> >> change:
> >> https://defect.opensolaris.org/bz/show_bug.cgi?id=4885
> >
> > And here I used to think Dave was a smart guy.... let's bork Solaris's
> > superior RBAC model so we can make it more like one of the lamest (at
> > least w.r.t. seasoned users) Linux distros out there. Damn fine
> > analysis there....;-{
>
> The way RBAC was configured by the opensolaris installer was flagrantly
> insecure (automatically granting any process running with the uid of the
> initial user account the ability to exec arbitrary commands as uid 0
> with all privileges)
>
> The upstream change closes a serious security hole.
>
> - Bill

Yeah, I read the thread, and that aspect I do agree with. The part that irked me was the "this makes things more familiar for Ubuntu Linux users" (ir)rationale.

--
Ken Gunderson <[email protected]>

_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
