uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it


 289            modify the process state in other processes, regardless of
 290            ownership. When modifying another process, additional restrictions
 291            apply: the effective privilege set of the attaching process must be
 292            a superset of the target process's effective, permitted, and
 293            inheritable sets; the limit set must be a superset of the target's
 294            limit set; if the target process has any UID set to 0 all privilege
 295            must be asserted unless the effective UID is 0. Allow a process to
 296            bind arbitrary processes to CPUs.
 297 
 298 
 299        PRIV_PROC_PRIOUP
 300            Allow a process to elevate its priority above its current level.
 301 
 302 
 303        PRIV_PROC_PRIOCNTL
 304            Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
 305            its scheduling class to any scheduling class, including the RT
 306            class.
 307 
 308 





 309        PRIV_PROC_SESSION
 310            Allow a process to send signals or trace processes outside its
 311            session.
 312 
 313 
 314        PRIV_PROC_SETID
 315            Allow a process to set its UIDs at will, assuming UID 0 requires
 316            all privileges to be asserted.
 317 
 318 
 319        PRIV_PROC_TASKID
 320            Allow a process to assign a new task ID to the calling process.
 321 
 322 
 323        PRIV_PROC_ZONE
 324            Allow a process to trace or send signals to processes in other
 325            zones. See zones(5).
 326 
 327 
 328        PRIV_SYS_ACCT




 289            modify the process state in other processes, regardless of
 290            ownership. When modifying another process, additional restrictions
 291            apply: the effective privilege set of the attaching process must be
 292            a superset of the target process's effective, permitted, and
 293            inheritable sets; the limit set must be a superset of the target's
 294            limit set; if the target process has any UID set to 0 all privilege
 295            must be asserted unless the effective UID is 0. Allow a process to
 296            bind arbitrary processes to CPUs.
 297 
 298 
 299        PRIV_PROC_PRIOUP
 300            Allow a process to elevate its priority above its current level.
 301 
 302 
 303        PRIV_PROC_PRIOCNTL
 304            Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
 305            its scheduling class to any scheduling class, including the RT
 306            class.
 307 
 308 
 309        PRIV_PROC_SECFLAGS
 310            Allow a process to manipulate the secflags of processes (subject
 311            to, additionally, the ability to signal that process)
 312 
 313 
 314        PRIV_PROC_SESSION
 315            Allow a process to send signals or trace processes outside its
 316            session.
 317 
 318 
 319        PRIV_PROC_SETID
 320            Allow a process to set its UIDs at will, assuming UID 0 requires
 321            all privileges to be asserted.
 322 
 323 
 324        PRIV_PROC_TASKID
 325            Allow a process to assign a new task ID to the calling process.
 326 
 327 
 328        PRIV_PROC_ZONE
 329            Allow a process to trace or send signals to processes in other
 330            zones. See zones(5).
 331 
 332 
 333        PRIV_SYS_ACCT
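
Review bot: The new PRIV_PROC_SECFLAGS entry (new lines 309-311) is under-documented and worded differently from its neighbours. The parenthetical "(subject to, additionally, the ability to signal that process)" has no terminating period and switches from "processes" to "that process". The entry also does not say whether the privilege is needed for a process to change its own secflags or only those of other processes, and it gives no cross-reference, although the commit message introduces psecflags(1) as the tool that controls these flags. Suggested wording: "Allow a process to manipulate the secflags of another process, provided it is also able to signal that process. See psecflags(1)." Adjust "another process" if the privilege is also meant to cover the calling process.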