Re: [Fed-Talk] Another BSM related question
- Subject: Re: [Fed-Talk] Another BSM related question
- From: "Shawn A. Geddis" <email@hidden>
- Date: Tue, 18 Aug 2009 16:36:13 -0400
David,
This doesn't seem to align with Shawn's explanation (or my intuition what "system.burn" would mean.)
Actually, quite the opposite. What you have provided explicitly states what I noted. You provided a good example. :-)
Looking at your log entry... ... com.apple.SecurityServer: Succeeded authorizing right system.burn for /user/sbin/system_profiler for authorization created by /usr/sbin/system_profiler.
Succeeded authorizing right system.burn for /user/sbin/system_profiler
This means that you probably have the Client performing some scheduled checks of the system via system_profiler which in turn is checking the capabilities on the box (such as optical drives) and in checking it (system_profiler) the SecurityServer needs to ensure that it has the right to acquire this information -- hence the acquisition of the right: system.burn. The Right is currently defined to just allow this to happen (no challenge, no authentication) and so it will succeed without any user/admin interaction.
Either change the right or alter the MCX (Managed Client for X) for that system/user and you would see quite the opposite results.
- Shawn
_____________________________________________________
Shawn Geddis - Security Consulting Engineer - Apple Enterprise
On Aug 18, 2009, at 3:13 PM, David Emery wrote:

In my secure.log, I'm seeing a nightly entry that looks like this:

... com.apple.SecurityServer: Succeeded authorizing right system.burn for /user/sbin/system_profiler for authorization created by /usr/sbin/system_profiler.
... sshd [10046]: Did not receive identification string from 127.0.0.1

This doesn't seem to align with Shawn's explanation (or my intuition what "system.burn" would mean.)

Anyone else seeing this in their secure.log?

dave

Mary,
"system.burn" is just one of the many "Rights" that are defined in /etc/authorization which a User/Admin must acquire before performing the corresponding action. Anytime you see an authentication dialog, you can click on the disclosure triangle and see what right is required for performing that action.
In this case, to burn a cd/dvd requires the acquisition of the corresponding "Right" of "system.burn" defined in the Authorization database (which right now is the /etc/authorization - XML flat file).
The snippet of the default from the file for this is:
<key>system.burn</key>
<dict>
    <key>class</key>
    <string>allow</string>
    <key>comment</key>
    <string>For burning media.</string>
</dict>
- Shawn
_____________________________________________________
Shawn Geddis - Security Consulting Engineer - Apple Enterprise
--
David Emery, DSCI, supporting PdM FCS (BCT) SW Integration
703 298 3473 (office/cell), 703 272 7496 (fax)
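As an added example (not code from the thread, nor Apple's), a Python script that does the check Shawn describes by hand: read the right definitions from an /etc/authorization-style plist, pull the "Succeeded authorizing right" lines out of secure.log, and report which grants went to rights whose class is "allow", i.e. rights that succeed with no challenge at all. The plist and log lines are constructed samples; the top-level "rights" key layout and the example.admin-only right are assumptions.

```python
import plistlib
import re
from collections import Counter

# Constructed /etc/authorization-style plist (assumption: rights sit under a
# top-level "rights" dict). system.burn is the default from the thread;
# example.admin-only is a hypothetical right added for contrast.
SAMPLE_AUTH_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>rights</key><dict>
<key>system.burn</key><dict>
<key>class</key><string>allow</string>
<key>comment</key><string>For burning media.</string></dict>
<key>example.admin-only</key><dict>
<key>class</key><string>user</string>
<key>group</key><string>admin</string></dict>
</dict></dict></plist>"""

# Constructed secure.log lines in the format quoted in the thread.
SAMPLE_LOG = """\
Aug 18 03:15:02 mac com.apple.SecurityServer[32]: Succeeded authorizing right system.burn for /usr/sbin/system_profiler for authorization created by /usr/sbin/system_profiler.
Aug 18 03:15:03 mac sshd[10046]: Did not receive identification string from 127.0.0.1
Aug 18 09:02:11 mac com.apple.SecurityServer[32]: Succeeded authorizing right example.admin-only for /usr/bin/tool for authorization created by /usr/bin/tool.
"""

GRANT_RE = re.compile(r"Succeeded authorizing right (?P<right>\S+) for "
                      r"(?P<client>\S+) for authorization created by (?P<creator>\S+)\.")

def load_rights(plist_bytes):
    """Return {right_name: definition dict} from an authorization plist."""
    return plistlib.loads(plist_bytes)["rights"]

def parse_grants(log_text):
    """Return (right, client, creator) for every SecurityServer grant line."""
    grants = []
    for line in log_text.splitlines():
        m = GRANT_RE.search(line)
        if m:
            grants.append((m["right"], m["client"], m["creator"]))
    return grants

def unchallenged_grants(log_text, plist_bytes):
    """Count grants of rights whose class is 'allow' (granted with no
    authentication at all), keyed by (right, client)."""
    rights = load_rights(plist_bytes)
    counts = Counter()
    for right, client, _ in parse_grants(log_text):
        if rights.get(right, {}).get("class") == "allow":
            counts[(right, client)] += 1
    return counts
```

On a real box, feed it the output of `security authorizationdb read system.burn` (which prints the right as a plist) and the actual secure.log instead of the constructed samples.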