On Tue, Oct 14, 2008 at 10:19:35AM -0700, Edward Peschko wrote: > hey.. > > I talked to my sysadmins about getting access to the dtrace_kernel role, and > they said they were hesitant to give this out because they thought it was a > security risk - ie: that you could use it for privilege escalation.
Yes, they're absolutely right. Take a machine on which you do have dtrace_kernel, and run Brendan's diabolical shellsnoop: http://www.brendangregg.com/DTrace/shellsnoop > How true is this? Is there a way to make it user safe? If not, why is it > offered as an option for regular users? That should answer your last question. ;) - Bryan -------------------------------------------------------------------------- Bryan Cantrill, Sun Microsystems Fishworks. http://blogs.sun.com/bmc _______________________________________________ dtrace-discuss mailing list [email protected]
