Light Sabers, Holidays and Least Privs

This morning I went and bought three Light Sabers, the weapon of choice for any young Jedi. No, this isn't because I'm some sad Star Wars junkie but because my three little boys will be 5 next week when we are on holiday (yes, they are triplets). They can beat each other stupid with these things all week long (they'll probably be wondering why they don't actually cut hands off like in the film ...).

I'm off to catch some rays for a couple of weeks. Laptops and computers of any kind have been banned so I'm reduced to books, which is probably a good thing.

Well, before I finally go I'll just mention that I was looking into the Least Privilege work that Casper Dik has introduced into Solaris 10. This work provides a mechanism for fine-grained control over the actions of processes, so that a process's privilege can be elevated to carry out a set of privileged operations (just create a device special file, for example, and nothing else). It's no longer all (uid == 0) or nothing (uid != 0).

This stuff is really cool. I was on a plane the other day writing some D scripts to show me when we'd failed a privilege check and what exactly had failed. I had the script working and I was quite pleased with myself when I noticed two things.
  • There is a DTrace sdt probe for failed permissions (priv-err) which I could use.
  • There is a kernel variable (priv_debug) which can be set to 1 to log all failures to /var/adm/messages.
Oh well, I think my script has got legs for more detailed failure analysis (such as what file or directory did I just try to operate on when a 'file_dac_write' was logged). I don't think the logging framework has that kind of thing at the moment but I may be wrong.

Very cool stuff though. There's even a developer's guide for writing privilege-aware applications which you can find here. Guess this should be some of my beach reading ...