NAME
getfilexsec — display security attributes of binary executables
SYNOPSIS
getfilexsec
[-r]
[-R]
[-p]
[-P]
[-f]
[-c]
filename ...
DESCRIPTION
The
getfilexsec
command displays various extended security attributes associated with
binary executable files.
These attributes include retained privileges, permitted privileges,
and compartment and security attribute flags.
See
privileges(5)
and
exec(2)
Options
The
getfilexsec
command recognizes the following options:
The following options are supported:
- -c
Displays the compartment name of the files.
- -f
Displays security attribute flags.
The only currently defined flag is the privilege start flag.
- -p
Displays the minimum permitted privileges.
- -P
Displays the maximum permitted privileges.
- -r
Displays the minimum retained privileges.
- -R
Displays the maximum retained privileges.
If none of the above options are specified, all extended security
attributes of the binary files are displayed.
Operands
getfilexsec
supports the following operand:
- filename
Binary executable file.
All file names given as arguments must be binary executables.
Files of other types (for example, script executables, text files, and so on)
are not permitted.
Security Restrictions
The user invoking this command must be able to open the directory in which
the binary executable files are present.
RETURN VALUE
getfilexsec
returns the following values:
- 0
Successful completion.
The attributes are displayed.
- >0
An error occurs.
An error can be caused by an invalid option or inadequate
permissions to perform the operation.
EXAMPLES
Example 1:
Display the maximum permitted privileges and privilege-aware flag
of binary executable file
/web/java:
# getfilexsec -P -f /web/java
Sample output:
/web/java:
Flag: start_nil
PermittedMaxPrivileges: CMPTREAD, CMPTWRITE
