PSECFLAGS(1) User Commands PSECFLAGS(1) NNAAMMEE ppsseeccffllaaggss - inspect or modify process security flags SSYYNNOOPPSSIISS //uussrr//bbiinn//ppsseeccffllaaggss _-_s [-+]flags _-_e _c_o_m_m_a_n_d [_a_r_g]... //uussrr//bbiinn//ppsseeccffllaaggss _-_s [-+]flags [_-_i _i_d_t_y_p_e] _i_d ... //uussrr//bbiinn//ppsseeccffllaaggss [_-_F] { _p_i_d | _c_o_r_e } //uussrr//bbiinn//ppsseeccffllaaggss _-_l DDEESSCCRRIIPPTTIIOONN The first invocation of the ppsseeccffllaaggss command runs the specified _c_o_m_m_a_n_d with the security-flags modified as described by the _-_s argument. The second invocation modifies the security-flags of the processes described by _i_d_t_y_p_e and _i_d according as described by the _-_s argument. The third invocation describes the security-flags of the specified processes or core files. The effective set is signified by 'EE', and the inheritable set by 'II' The fourth invocation lists the supported process security-flags OOPPTTIIOONNSS The following options are supported: --ee Interpret the remaining arguments as a command line and run the command with the security-flags specified with the _-_s flag. --FF Force. Grab the target process even if another process has control. --ii _i_d_t_y_p_e This option, together with the _i_d arguments specify one or more processes whose security-flags will be modified. The interpretation of the _i_d arguments is based on _i_d_t_y_p_e. If _i_d_t_y_p_e is omitted the default is ppiidd. Valid _i_d_t_y_p_e options are: aallll The ppsseeccffllaaggss command applies to all processes ccoonnttrraacctt, ccttiidd The security-flags of any process with a contract ID matching the _i_d arguments are modified. ggrroouupp, ggiidd The security-flags of any process with a group ID matching the _i_d arguments are modified. ppiidd The security-flags of any process with a process ID matching the _i_d arguments are modified. This is the default. ppppiidd The security-flags of any processes whose parent process ID matches the _i_d arguments are modified. pprroojjeecctt, pprroojjiidd The security-flags of any process whose project ID matches the _i_d arguments are modified. sseessssiioonn, ssiidd The security-flags of any process whose session ID matches the _i_d arguments are modified. ttaasskkiidd The security-flags of any process whose task ID matches the _i_d arguments are modified. uusseerr, uuiidd The security-flags of any process belonging to the users matching the _i_d arguments are modified. zzoonnee, zzoonneeiidd The security-flags of any process running in the zones matching the given _i_d arguments are modified --ll List all supported process security-flags --ss _s_p_e_c_i_f_i_c_a_t_i_o_n Modify the process security-flags according to _s_p_e_c_i_f_i_c_a_t_i_o_n. Specifications take the form [[--++]]ffllaaggssppeecc. Where ++ indicates that the given flags should be enabled in addition to the current flags, -- indicates the given flags should be disabled, and the default (with neither) the given flags should replace the current flags. ffllaaggssppeecc is a comma-separated list of security flags, or the string ""nnoonnee"", which indicates that the security-flags are to be cleared. For a list of valid security-flags, see ppsseeccffllaaggss --ll EEXXAAMMPPLLEESS EExxaammppllee 11 Display the security-flags of the current shell example$ ppsseeccffllaaggss $$$$ 100718: -sh E: aslr I: aslr EExxaammppllee 22 Run a user command with ASLR enabled in addition to any inherited security flags. example$ ppsseeccffllaaggss --ss ++aassllrr --ee //bbiinn//sshh $ psecflags $$ 100724: -sh E: none I: aslr EExxaammppllee 33 Remove aslr from the inheritable flags of all Bob's processes. example# ppsseeccffllaaggss --ss --aassllrr --ii uuiidd bboobb EEXXIITT SSTTAATTUUSS The following exit values are returned: 00 Success nnoonn--zzeerroo An error has occured AATTTTRRIIBBUUTTEESS See aattttrriibbuutteess(5) for descriptions of the following attributes: +--------------------+-----------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +--------------------+-----------------+ |Interface Stability | Volatile | +--------------------+-----------------+ SSEEEE AALLSSOO eexxeecc(2), aattttrriibbuutteess(5), ccoonnttrraacctt(4), sseeccuurriittyy--ffllaaggss(5), zzoonneess(5) May 3, 2014 PSECFLAGS(1)