PPRIV(1) User Commands PPRIV(1)
NAME
ppriv - inspect or modify process privilege sets and attributes
SYNOPSIS
/usr/bin/ppriv -e [
-D |
-N] [
-M] [
-s spec]
command [
arg]...
/usr/bin/ppriv [
-v] [
-S] [
-D |
-N] [
-s spec]
[
pid |
core]...
/usr/bin/ppriv -l [
-v] [
privilege-specification]...
DESCRIPTION
The first invocation of the
ppriv command runs the
command specified
with the privilege sets and flags modified according to the arguments
on the command line.
The second invocation examines or changes the privilege state of
running process and core files.
The third invocation lists the privileges defined and information
about specified privileges or privileges set specifications.
OPTIONS
The following options are supported:
-D Turns on privilege debugging for the processes or command
supplied.
-e Interprets the remainder of the arguments as a command
line and runs the command line with specified privilege
attributes and sets.
-l Lists all currently defined privileges on stdout.
-M When a system is configured with Trusted Extensions, this
option turns on the
NET_MAC_AWARE and
NET_MAC_AWARE_INHERIT process attributes.
A process with these attributes and the
net_mac_aware privilege can communicate with lower-level remote peers.
-N Turns off privilege debugging for the processes or command
supplied.
-s spec Modifies a process's privilege sets according to
spec, a
specification with the format
[AEILP][+-=]privsetspec,
containing no spaces, where:
AEILP Indicates one or more letters indicating
which privilege sets to change. These are
case insensitive, for example, either
a or
A indicates all privilege sets.
+-= Indicates a modifier to respectively add
(
+), remove (
-), or assign (
=) the listed
privileges to the specified set(s) in
privsetspec.
privsetspec Indicates a comma-separated privilege set
specification (
priv1,
priv2, and so on), as
described in
priv_str_to_set(3C).
Modifying the same set with multiple
-s options is
possible as long as there is either precisely one
assignment to an individual set or any number of additions
and removals. That is, assignment and addition or removal
for one set are mutually exclusive.
-S Short. Reports the shortest possible output strings for
sets. The default is portable output. See
priv_str_to_set(3C).
-v Verbose. Reports privilege sets using privilege names.
USAGE
The
ppriv utility examines processes and core files and prints or
changes their privilege sets.
ppriv can run commands with privilege debugging on or off or with
fewer privileges than the invoking process.
When executing a sub process, the only sets that can be modified are
L and
I. Privileges can only be removed from
L and
I as
ppriv starts
with
P=E=I.
ppriv can also be used to remove privileges from processes or to
convey privileges to other processes. In order to control a process,
the effective set of the
ppriv utility must be a super set of the
controlled process's
E,
I, and
P. The utility's limit set must be a
super set of the target's limit set. If the target's process uids do
not match, the
{PRIV_PROC_OWNER} privilege must be asserted in the
utility's effective set. If the controlled processes have any uid
with the value
0, more restrictions might exist. See
privileges(7).
EXAMPLES
Example 1: Obtaining the Process Privileges of the Current Shell
The following example obtains the process privileges of the current
shell:
example$
ppriv $$ 387: -sh
flags = <none>
E: basic
I: basic
P: basic
L: all
Example 2: Removing a Privilege From Your Shell's Inheritable and
Effective Set
The following example removes a privilege from your shell's
inheritable and effective set.
example$
ppriv -s EI-proc_session $$ The subprocess can still inspect the parent shell but it can no
longer influence the parent because the parent has more privileges in
its Permitted set than the
ppriv child process:
example$
truss -p $$ truss: permission denied: 387
example$
ppriv $$ 387: -sh
flags = <none>
E: basic,!proc_session
I: basic,!proc_session
P: basic
L: all
Example 3: Running a Process with Privilege Debugging
The following example runs a process with privilege debugging:
example$
ppriv -e -D cat /etc/shadow cat[418]: missing privilege "file_dac_read" (euid = 21782),
needed at ufs_access+0x3c
cat: cannot open /etc/shadow
The privilege debugging error messages are sent to the controlling
terminal of the current process. The
needed at address specification
is an artifact of the kernel implementation and it can be changed at
any time after a software update.
The system call number can be mapped to a system call using
/etc/name_to_sysnum.
Example 4: Listing the Privileges Available in the Current Zone
The following example lists the privileges available in the current
zone (see
zones(7)). When run in the global zone, all defined
privileges are listed.
example$
ppriv -l zone ... listing of all privileges elided ...
Example 5: Examining a Privilege Aware Process
The following example examines a privilege aware process:
example$
ppriv -S `pgrep rpcbind` 928: /usr/sbin/rpcbind
flags = PRIV_AWARE
E: net_privaddr,proc_fork,sys_nfs
I: none
P: net_privaddr,proc_fork,sys_nfs
L: none
See
setpflags(2) for explanations of the flags.
EXIT STATUS
The following exit values are returned:
0 Successful operation.
non-zero An error has occurred.
FILES
/proc/* Process files
/etc/name_to_sysnum system call name to number mapping
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | See below. |
+--------------------+-----------------+
The invocation is Committed. The output is Uncommitted.
SEE ALSO
gcore(1),
truss(1),
setpflags(2),
priv_str_to_set(3C),
proc(5),
attributes(7),
privileges(7),
zones(7) February 24, 2008 PPRIV(1)
