Displaying 5 results from an estimated 5 matches for "dtrace_kernel".
2008 Oct 14
5
dtrace_kernel and privilege escalation
hey..
I talked to my sysadmins about getting access to the dtrace_kernel role, and they said they were hesitant to give this out because they thought it was a security risk - ie: that you could use it for privilege escalation.
How true is this? Is there a way to make it user safe? If not, why is it offered as an option for regular users?
Thanks much,
Ed
--
This messa...
2007 Apr 27
6
User Privileges and Dtrace
Dear Experts,
My customer is migrating to Solaris 10 from Solaris 8 and have asked me to determine if: With Dtrace, is the user limited to probing only processes they own?
The customer has a general security requirement to control user access via management of privileges. Currently, on Solaris 8, LDAP is strongly while RBAC is weakly applied. This will likely change in the Solaris 10 production
2006 Jun 20
1
Extending lwpsinfo_t with pr_lgrp for DTrace consumers
...lgrp field which will be implemented using translator. This will
match the addition of the pr_lgrp field to the proc(4) lwpsinfo_t structure
that is done with the NUMA observability changes (it utilises one of the five
reserved fields).
The pr_lgrp field will only be available for consumers with dtrace_kernel
privilege since the translator needs to do kernel pointer dereference.
This change allows simple script to get lgroup migration statistics, e.g.
sched:::on-cpu
/execname != "sched" && curlwpsinfo->pr_lgrp != lgrp/
{
@[execname, curlwpsinfo->pr_lgrp] = count();
}
snm...
2008 May 16
2
how can we use libdtrace within the DTrace security restrictions?
...op) to manage the services, edit configuration files
and deploy content. Ideally, then the user would be able to
transparently use the NetBeans IDE to develop/deploy content and use
DTrace to observe what''s going on with their app.
We''ve tried giving the user the dtrace_proc, dtrace_kernel and
dtrace_user privileges, but the user cannot see or use the providers in
the process owned by another user. Running by root or pfexec with
Primary Admin profile works. Is this by design? Is there any good way
to address this? Running NetBeans as root is impractical for a variety
of reas...
2008 Sep 30
12
dtrace missing ''unlinkat''? showing process stack?
everyone,
Just out of curiosity, I did a
dtrace -n ''syscall:::entry { @num[execname, probefunc] = count(); }''
and looked at the entries produced by ''rm''.
I see everything that rm did, *except* the unlinkat - which is unfortunate because I want to trace which processes have deleted which files.
So - does dtrace contain unlinkat as a probe for a system call?