#!/usr/bin/perl # # Demo script accompanying TD09 presentation # Developing and Deploying Securely # # This script is the left hand side (mostly superuser commands) # for the privileges portion of the talk v1.0.2. # use demotools; demotools::setprompt("[global 0]: \$"); $user = $ENV{"USER"}; #-------------------------------------------------- # main # slide 9 system("clear"); demotools::cmd("pfexec pgrep cat", "pfexec pgrep -U $user -n cat "); printf("\n"); demotools::cmd("pfexec ppriv -S `pgrep cat`", "pfexec ppriv -S `pgrep -U $user -n cat`"); # slide 11 system("clear"); demotools::cmd("pfexec pgrep ping", "pfexec pgrep -U $user -n ping"); printf("\n"); demotools::cmd("pfexec ppriv -S `pgrep ping`", "pfexec ppriv -S `pgrep -U $user -n ping`"); # slide 12 system("clear"); demotools::cmd("ppriv -lv basic"); # slide 21 system("clear"); demotools::cmd("tail -f /var/adm/messages"); # slide 22, first example system("clear"); demotools::cmd("pfexec dtrace -l \| grep priv-"); # slide 22, second example - SKIPPING THIS EXAMPLE IN THIS DEMO ##system("clear"); demotools::cmd("pfexec dtrace -n 'sdt:::priv-*'"); # slide 22, third example system("clear"); demotools::cmd("pfexec dtrace -n 'sdt:::priv-* { printf(\"%d %d %s\", arg0, pid, execname); }'"); # slide 23, first example system("clear"); demotools::cmd("pfexec privdebug.pl -n sshd -f -v"); # slide 23, second example system("clear"); demotools::cmd("pfexec privdebug.pl -n cat -f -v"); #--------------------------------------------------