cvs commit: ports/sysutils/hal Makefile ports/sysutils/hal/files patch-hal.conf.in

Kris Kennaway kris at obsecurity.org
Thu Nov 16 22:25:22 UTC 2006


On Thu, Nov 16, 2006 at 10:57:09PM +0100, Jean-Yves Lefort wrote:
> On Thu, 16 Nov 2006 16:15:50 -0500
> Kris Kennaway <kris at obsecurity.org> wrote:
> 
> > On Thu, Nov 16, 2006 at 07:49:13PM +0000, Jean-Yves Lefort wrote:
> > > jylefort    2006-11-16 19:49:13 UTC
> > >
> > >   FreeBSD ports repository
> > >
> > >   Modified files:
> > >     sysutils/hal         Makefile
> > >   Added files:
> > >     sysutils/hal/files   patch-hal.conf.in
> > >   Log:
> > >   Give wheel group members the same rights as operator group members.
> >
> > This violates the definition of the wheel group, FYI (even though it
> > might seem expedient), so it can be viewed as a weakening of the
> > security model.  Prior to this commit, the only right that the wheel
> > group had was the ability to attempt to su to root, if the user knows
> > the password.
> 
> The commit message should have been:
> 
> Give wheel group members the same HAL rights (mount a volume, etc) as
> operator group members.

Yes, I understood.  My point was that this was precisely the role of
the operator group, so you've combined two entities which previously
had distinct security behaviours.

Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20061116/b336a581/attachment.pgp


More information about the cvs-all mailing list