cvs commit: ports/sysutils/hal Makefile
ports/sysutils/hal/files patch-hal.conf.in
Kris Kennaway
kris at obsecurity.org
Thu Nov 16 22:25:22 UTC 2006
On Thu, Nov 16, 2006 at 10:57:09PM +0100, Jean-Yves Lefort wrote:
> On Thu, 16 Nov 2006 16:15:50 -0500
> Kris Kennaway <kris at obsecurity.org> wrote:
>
> > On Thu, Nov 16, 2006 at 07:49:13PM +0000, Jean-Yves Lefort wrote:
> > > jylefort 2006-11-16 19:49:13 UTC
> > >
> > > FreeBSD ports repository
> > >
> > > Modified files:
> > > sysutils/hal Makefile
> > > Added files:
> > > sysutils/hal/files patch-hal.conf.in
> > > Log:
> > > Give wheel group members the same rights as operator group members.
> >
> > This violates the definition of the wheel group, FYI (even though it
> > might seem expedient), so it can be viewed as a weakening of the
> > security model. Prior to this commit, the only right that the wheel
> > group had was the ability to attempt to su to root, if the user knows
> > the password.
>
> The commit message should have been:
>
> Give wheel group members the same HAL rights (mount a volume, etc) as
> operator group members.
Yes, I understood. My point was that this was precisely the role of
the operator group, so you've combined two entities which previously
had distinct security behaviours.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-ports/attachments/20061116/b336a581/attachment.pgp
More information about the cvs-ports
mailing list