Hi,
I opened an RFE/idea a while back, but had little support for the idea. However recently a colleague in Europe ran into the same issue and the development team is looking at it again. If you think this is an issue, we would welcome you adding your support to the request (
AIX/PowerSC Trusted Execution (TE) | IBM Power Ideas Portal).
BackgroundBriefly you can enable TE CHKSCRIPT and still execute the script using a shell, for example
Running the script:
./<my_script>
will be checked by TE, whereas running:
ksh ./<my_script>
will not be checked.
My concern is that administrators will believe that they have secured the scripts in their system, but this can be easily worked around
I have also added the idea that configuration files should be able to be added the the TSD and checked with they are read. This I believe will add extra protection to applications / daemons from reading modified configuration files.
.
I hope that you can support this improvement.
Cheers,
Red.
------------------------------
========================
Antony Steel (Red)
Belisama Pte. Ltd.
antony.steel@belisama.com.sg------------------------------