Liane Praza wrote:
> 6. Security issues
> Currently, as on other platforms, all of these daemons run as root with
> full privileges. Further work is underway to utilise least privilege and
> other Solaris security technologies to improve this situation.
Do we have a timeframe for when we can expect this to be done?
Note that a perfectly acceptable first cut of this does not require
modification of the code. Just use the Privilege Debugging Blueprint
and the tool that is with it to determine what privileges are actually
used and use that as the initial set that SMF gives to the start method.
> Additionally, the community is working on authentication schemes for
> access to the control tools as part of the 'xend API' work. We intend to
> leverage this work as we track upstream development.
Timeframe?
> In addition, no RBAC authorizations are being proposed in this case for the
> service and property administration of these FMRIs at this point in time.
> As there is no support for delegated administration in the rest of the Xen
> control stack at this point in time, this would be at best an attractive
> nuisance. (That is, there's not much point in delegating control of xend's
> properties when starting a domain instance requires root anyway). When
> further work is complete, RBAC facilities for these FMRIs will be detailed
> in a future case.
This isn't acceptable to me. In fact I'd assert exactly the opposite.
Precisely because Xen has no delegated admin system of its own there
should be an RBAC execution profile for running the Xen admin commands
and the rights profile should contain the RBAC authorisations used to
control the SMF services.
For example if there is an admin command that needs to be run with all
privilege then that should be in an RBAC profile.
This should have been covered in the main Xen case, for me though this
case makes it very clear that was probably missed.
--
Darren J Moffat
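As an added illustration of the two points raised in this thread (a start method limited to the privileges the Privilege Debugging tool actually observes, and one RBAC rights profile that carries both the SMF authorizations and the full-privilege admin commands), here is an SMF manifest fragment with its companion RBAC database entries; it is not code from the case or from the Xen project. The FMRI svc:/system/xvm/xend, the method and xm paths, the authorization names and the privilege list are assumptions, and the privilege list in particular is a placeholder to be replaced with what privdebug reports.

```xml
<!-- Added example (not from the case): SMF manifest fragment for an assumed
     svc:/system/xvm/xend service with a least-privilege start method and
     authorization-gated service and property administration. -->
<service name='system/xvm/xend' type='service' version='1'>

  <!-- The start method keeps the root identity but drops to a reduced
       privilege set. The list below is a constructed placeholder: replace it
       with the privileges actually observed via the Privilege Debugging tool. -->
  <exec_method type='method' name='start'
               exec='/lib/svc/method/xend start' timeout_seconds='60'>
    <method_context>
      <method_credential user='root' group='root'
        privileges='basic,net_privaddr,sys_mount,sys_resource,file_dac_read,file_dac_write'/>
    </method_context>
  </exec_method>

  <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60'/>

  <!-- Enable/disable/restart and property changes are gated by RBAC
       authorizations rather than by uid 0. -->
  <property_group name='general' type='framework'>
    <propval name='action_authorization' type='astring'
             value='solaris.smf.manage.xend'/>
    <propval name='value_authorization' type='astring'
             value='solaris.smf.value.xend'/>
  </property_group>

  <!-- Companion RBAC database entries (assumed names, one line each):

       auth_attr(4): define the two authorizations used above
       solaris.smf.manage.xend:::Manage xend service state::
       solaris.smf.value.xend:::Change xend service properties::

       prof_attr(4): a single rights profile carries the SMF authorizations
       Xen Management:::Manage Xen domains and the xend service:auths=solaris.smf.manage.xend,solaris.smf.value.xend

       exec_attr(4): the same profile carries the admin command that still
       needs full privilege (path assumed), so delegation covers the whole
       control path rather than stopping at the service layer
       Xen Management:solaris:cmd:::/usr/sbin/xm:uid=0
  -->
</service>
```

A user assigned the "Xen Management" profile can then manage the service with svcadm/svccfg and run xm via pfexec without holding a root shell.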