Re: [Fed-Talk] Another BSM related question
- Subject: Re: [Fed-Talk] Another BSM related question
- From: David Emery <email@hidden>
- Date: Tue, 18 Aug 2009 16:58:55 -0400
Always glad to provide a good example :-) It's not clear what app is
making this request, though.
Thanks for the explanation.
dave
Shawn A. Geddis wrote:
David,
This doesn't seem to align with Shawn's explanation (or my intuition
of what "system.burn" would mean).
Actually, quite the opposite. What you have provided explicitly
states what I noted. You provided a good example. :-)
Looking at your log entry...
... com.apple.SecurityServer: Succeeded authorizing right
system.burn for /user/sbin/system_profiler for authorization created
by /usr/sbin/system_profiler.
*Succeeded* *authorizing* *right* *system.burn* for
*/user/sbin/system_profiler*
This means that you probably have the Client performing some scheduled
checks of the system via system_profiler which in turn is checking the
capabilities on the box (such as optical drives) and in checking it
(system_profiler) the SecurityServer needs to ensure that it has the
right to acquire this information -- hence the acquisition of the
right: system.burn. The Right is currently defined to just
*allow* this to happen (no challenge, no authentication) and so it
will succeed without any user/admin interaction.
Either change the right or alter the MCX (Managed Client for X) for
that system/user and you would see quite the opposite results.
- Shawn
_____________________________________________________
Shawn Geddis - Security Consulting Engineer - Apple Enterprise
--
David Emery, DSCI, supporting PdM FCS (BCT) SW Integration
703 298 3473 (office/cell), 703 272 7496 (fax)
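Entries of the form quoted in the thread above can be tallied across a whole log to see which rights are being granted without interaction, and to which binaries. This is an added example, not part of the original messages: the sample lines are constructed in the form of the quoted entry, and the optional `[pid]` field, the Example paths and the function names are assumptions.

```python
import re
from collections import Counter

# Entry form as quoted in the thread; the optional "[pid]" field is an assumption.
ENTRY = re.compile(
    r"com\.apple\.SecurityServer(?:\[\d+\])?: Succeeded authorizing right "
    r"(?P<right>\S+) for (?P<client>\S+) for authorization created by "
    r"(?P<creator>\S+?)\.?\s*$"
)

# Constructed sample lines: host, timestamps and the Example paths are made up.
SAMPLE = [
    "Aug 18 16:40:01 host com.apple.SecurityServer[22]: Succeeded authorizing "
    "right system.burn for /usr/sbin/system_profiler for authorization "
    "created by /usr/sbin/system_profiler.",
    "Aug 18 17:40:02 host com.apple.SecurityServer[22]: Succeeded authorizing "
    "right system.burn for /usr/sbin/system_profiler for authorization "
    "created by /usr/sbin/system_profiler.",
    "Aug 18 17:55:30 host com.apple.SecurityServer[22]: Succeeded authorizing "
    "right system.preferences for /Applications/Example.app/Contents/MacOS/Example "
    "for authorization created by /usr/libexec/example_helper.",
    "Aug 18 17:56:00 host kernel: unrelated message",
]

def parse(line):
    """Return (right, client, creator) for a successful grant, else None."""
    m = ENTRY.search(line)
    return (m["right"], m["client"], m["creator"]) if m else None

def summarize(lines):
    """Count grants per (right, client) and collect grants whose requesting
    process is not the process that created the authorization."""
    grants, mismatched = Counter(), []
    for entry in filter(None, map(parse, lines)):
        right, client, creator = entry
        grants[(right, client)] += 1
        if client != creator:
            mismatched.append(entry)
    return grants, mismatched

if __name__ == "__main__":
    grants, mismatched = summarize(SAMPLE)
    for (right, client), count in grants.most_common():
        print(f"{count:3d}  {right:20s} {client}")
    for right, client, creator in mismatched:
        print(f"requester differs from creator: {right} {client} <- {creator}")
```

A right that recurs on a fixed schedule for the same binary, as `system.burn` does in the sample, matches the scheduled-check behaviour described in the reply.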