Hi Paul,
Is dtrace_kernel under consideration? It potentially allows some leaks
by letting a user observe a significant chunk of the kernel's state, but
I know of no security holes from dtrace_user and dtrace_proc unless
people share userids (which opens up all kinds of other problems anyway).
Maybe an expert on the list can give a more definitive answer, though...
everyone in my group at work has root access so dtrace_* privileges are
moot from a security standpoint.
Regards,
Ryan
On 3/4/2010 5:00 AM, Paul Anderson wrote:
A question came up today about how much it would be a security risk to
give DBA's pprivs to all of the DTrace layers (basic, dtrace_user,
dtrace_proc). It is my understanding this is not much of a security
risk and could not be detrimental to the system as a whole. I welcome
comments about this.
Paul
Please contact me professionally at LinkedIn.
Linkedin <http://www.linkedin.com/pub/paul-anderson/5/800/677>
------------------------------------------------------------------------
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up
now. <http://clk.atdmt.com/GBL/go/201469229/direct/01/>
_______________________________________________
dtrace-discuss mailing list
dtrace-discuss@opensolaris.org
_______________________________________________
dtrace-discuss mailing list
dtrace-discuss@opensolaris.org
