On Tue, Oct 14, 2008 at 10:19:35AM -0700, Edward Peschko wrote: ... Bryan answered the rest of your questions. I'll take a swing at:
> If not, why is it offered as an option for regular users? dtrace_kernel is provided as a separate privilege for the same reason as many of the other privileges that confer large amounts of power: because it allows flexibility and minimizing risk. On my work desktop, which I have complete control over, I give myself all of the dtrace privileges. That allows me to do quick tests of dtrace stuff, and destructive actions which effect process I own, without allowing me to panic the system. For those kinds of things, I have to su(1M) to root. Perhaps the description in privileges(5) should be updated to note the implied access to all kernel state. Cheers, - jonathan _______________________________________________ dtrace-discuss mailing list [email protected]
