search for: dtrace_kernel

hey.. I talked to my sysadmins about getting access to the dtrace_kernel role, and they said they were hesitant to give this out because they thought it was a security risk - ie: that you could use it for privilege escalation. How true is this? Is there a way to make it user safe? If not, why is it offered as an option for regular users? Thanks much, Ed -- This messa...

Dear Experts, My customer is migrating to Solaris 10 from Solaris 8 and have asked me to determine if: With Dtrace, is the user limited to probing only processes they own? The customer has a general security requirement to control user access via management of privileges. Currently, on Solaris 8, LDAP is strongly while RBAC is weakly applied. This will likely change in the Solaris 10 production

...lgrp field which will be implemented using translator. This will match the addition of the pr_lgrp field to the proc(4) lwpsinfo_t structure that is done with the NUMA observability changes (it utilises one of the five reserved fields). The pr_lgrp field will only be available for consumers with dtrace_kernel privilege since the translator needs to do kernel pointer dereference. This change allows simple script to get lgroup migration statistics, e.g. sched:::on-cpu /execname != "sched" && curlwpsinfo->pr_lgrp != lgrp/ { @[execname, curlwpsinfo->pr_lgrp] = count(); } snm...

...op) to manage the services, edit configuration files and deploy content. Ideally, then the user would be able to transparently use the NetBeans IDE to develop/deploy content and use DTrace to observe what''s going on with their app. We''ve tried giving the user the dtrace_proc, dtrace_kernel and dtrace_user privileges, but the user cannot see or use the providers in the process owned by another user. Running by root or pfexec with Primary Admin profile works. Is this by design? Is there any good way to address this? Running NetBeans as root is impractical for a variety of reas...

everyone, Just out of curiosity, I did a dtrace -n ''syscall:::entry { @num[execname, probefunc] = count(); }'' and looked at the entries produced by ''rm''. I see everything that rm did, *except* the unlinkat - which is unfortunate because I want to trace which processes have deleted which files. So - does dtrace contain unlinkat as a probe for a system call?