Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
   1 '\" te
   2 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
   3 .\" Copyright 2015, Joyent, Inc. All Rights Reserved.
   4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
   5 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
   6 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   7 .TH PRIVILEGES 5 "April 9, 2016"
   8 .SH NAME
   9 privileges \- process privilege model
  10 .SH DESCRIPTION
  11 .LP
  12 Solaris software implements a set of privileges that provide fine-grained
  13 control over the actions of processes. The possession of a certain privilege
  14 allows a process to perform a specific set of restricted operations.
  15 .sp
  16 .LP
  17 The change to a primarily privilege-based security model in the Solaris
  18 operating system gives developers an opportunity to restrict processes to those
  19 privileged operations actually needed instead of all (super-user) or no
  20 privileges (non-zero UIDs). Additionally, a set of previously unrestricted
  21 operations now requires a privilege; these privileges are dubbed the "basic"
  22 privileges and are by default given to all processes.
  23 .sp
  24 .LP
  25 Taken together, all defined privileges with the exception of the "basic"
  26 privileges compose the set of privileges that are traditionally associated with
  27 the root user. The "basic" privileges are "privileges" unprivileged processes


 555 .sp .6
 556 .RS 4n
 557 Allow a process to elevate its priority above its current level.
 558 .RE
 559 
 560 .sp
 561 .ne 2
 562 .na
 563 \fB\fBPRIV_PROC_PRIOCNTL\fR\fR
 564 .ad
 565 .sp .6
 566 .RS 4n
 567 Allows all that PRIV_PROC_PRIOUP allows.
 568 Allow a process to change its scheduling class to any scheduling class,
 569 including the RT class.
 570 .RE
 571 
 572 .sp
 573 .ne 2
 574 .na











 575 \fB\fBPRIV_PROC_SESSION\fR\fR
 576 .ad
 577 .sp .6
 578 .RS 4n
 579 Allow a process to send signals or trace processes outside its session.
 580 .RE
 581 
 582 .sp
 583 .ne 2
 584 .na
 585 \fB\fBPRIV_PROC_SETID\fR\fR
 586 .ad
 587 .sp .6
 588 .RS 4n
 589 Allow a process to set its UIDs at will, assuming UID 0 requires all privileges
 590 to be asserted.
 591 .RE
 592 
 593 .sp
 594 .ne 2


   1 '\" te
   2 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
   3 .\" Copyright 2015, Joyent, Inc. All Rights Reserved.
   4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
   5 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
   6 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   7 .TH PRIVILEGES 5 "Jun 6, 2016"
   8 .SH NAME
   9 privileges \- process privilege model
  10 .SH DESCRIPTION
  11 .LP
  12 Solaris software implements a set of privileges that provide fine-grained
  13 control over the actions of processes. The possession of a certain privilege
  14 allows a process to perform a specific set of restricted operations.
  15 .sp
  16 .LP
  17 The change to a primarily privilege-based security model in the Solaris
  18 operating system gives developers an opportunity to restrict processes to those
  19 privileged operations actually needed instead of all (super-user) or no
  20 privileges (non-zero UIDs). Additionally, a set of previously unrestricted
  21 operations now requires a privilege; these privileges are dubbed the "basic"
  22 privileges and are by default given to all processes.
  23 .sp
  24 .LP
  25 Taken together, all defined privileges with the exception of the "basic"
  26 privileges compose the set of privileges that are traditionally associated with
  27 the root user. The "basic" privileges are "privileges" unprivileged processes
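Review bot: the .TH line (line 7 of the new file) now reads "Jun 6, 2016", while the previous revision spelled the month out ("April 9, 2016"). Consider "June 6, 2016" so the date format stays consistent between revisions of this page.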


 555 .sp .6
 556 .RS 4n
 557 Allow a process to elevate its priority above its current level.
 558 .RE
 559 
 560 .sp
 561 .ne 2
 562 .na
 563 \fB\fBPRIV_PROC_PRIOCNTL\fR\fR
 564 .ad
 565 .sp .6
 566 .RS 4n
 567 Allows all that PRIV_PROC_PRIOUP allows.
 568 Allow a process to change its scheduling class to any scheduling class,
 569 including the RT class.
 570 .RE
 571 
 572 .sp
 573 .ne 2
 574 .na
 575 \fB\PRIV_PROC_SECFLAGS\fR
 576 .ad
 577 .sp .6
 578 .RS 4n
 579 Allow a process to manipulate the secflags of processes (subject to,
 580 additionally, the ability to signal that process).
 581 .RE
 582 
 583 .sp
 584 .ne 2
 585 .na
 586 \fB\fBPRIV_PROC_SESSION\fR\fR
 587 .ad
 588 .sp .6
 589 .RS 4n
 590 Allow a process to send signals or trace processes outside its session.
 591 .RE
 592 
 593 .sp
 594 .ne 2
 595 .na
 596 \fB\fBPRIV_PROC_SETID\fR\fR
 597 .ad
 598 .sp .6
 599 .RS 4n
 600 Allow a process to set its UIDs at will, assuming UID 0 requires all privileges
 601 to be asserted.
 602 .RE
 603 
 604 .sp
 605 .ne 2
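Review bot: the tag line for the new entry (line 575 of the new file), `\fB\PRIV_PROC_SECFLAGS\fR`, has a stray backslash before PRIV and does not follow the markup of the neighbouring entries, which are written as `\fB\fBPRIV_PROC_PRIOCNTL\fR\fR`. `\P` is not a font escape, so this should be `\fB\fBPRIV_PROC_SECFLAGS\fR\fR`. The description at lines 579-580 also switches from "processes" to "that process", and the parenthetical is hard to parse. Something like "Allow a process to manipulate the secflags of another process, provided it is also able to signal that process" would read more clearly. The text does not say whether the privilege is also needed when a process changes its own secflags, which is worth stating here.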