NAME
setfilexsec — set binary executable file security attributes
SYNOPSIS
setfilexsec -d filename
setfilexsec -D absolutepath
setfilexsec [-c compartmentname] [-f flags] [-p privs] [-P privs] [-r privs] [-R privs] filename
DESCRIPTION
setfilexsec sets various security attributes of binary files.
The attributes currently include retained privileges, permitted privileges,
compartment, and the privilege start flag.
See privileges(5) and execve(2) for a description of these attributes.
The security attributes are persistent across reboot.
The attributes are stored in a configuration file and loaded when the system reboots.
Options
setfilexsec recognizes the following options:
- -c
Sets the compartment name for the binary executable file.
- -d
Deletes any security information for the file from the configuration file and
the kernel.
- -D
Deletes any security information for the file given by absolutepath
from the configuration file only.
This is used to clear attributes of a deleted file.
- -f
Sets the security attribute flags.
The only defined flag is the privilege start flag.
The privilege_start flag must be either start_full or start_nil.
If the value is start_full,
when the binary is executed, the process' effective privileges are set
to the newly computed permitted privilege set.
If the value is start_nil,
when the binary file is executed, the process' effective privileges are set
to nil (no privileges).
If this option is not specified and the process start flag
is not already set for the binary file, the flag is set to start_nil.
- -p
Adds or changes the minimum permitted privileges.
This must be a subset of the maximum retained privileges.
- -P
Adds or changes the maximum permitted privileges.
This must be equal to or a superset of the minimum retained privileges.
- -r
Adds or changes the minimum retained privileges.
This must be a subset of the maximum retained privileges as well
as minimum permitted privileges.
- -R
Adds or changes the maximum retained privileges.
This must be equal to or a superset of the minimum retained privileges.
For the third form of the command,
if any of the options are not specified,
setfilexsec takes the following action:
- The security attribute acted upon by that option is set to NULL
if this is a new entry in security attributes.
- The security attribute acted upon by that option is not modified
if the attribute is an existing entry in security attributes.
The privs argument is any string that is acceptable to the priv_list
argument to the priv_str_to_set() function where the delimiter is a comma (,).
See priv_str_to_set(3).
Operands
setfilexsec recognizes the following operands:
- filename
A binary executable.
Extended attributes set on executable scripts are ignored by the kernel.
Security Restrictions
The caller must have the following authorization:
hpux.security.xsec.filexsec.unrestricted
—or—
hpux.security.xsec.filexsec.restricted
RETURN VALUE
setfilexsec returns the following values:
- 0
Successful completion.
The security attributes are updated successfully.
- >0
An error occurs.
An error can be caused by an invalid option, an
invalid argument, or insufficient permissions for the user
to perform the operation.
EXAMPLES
Example 1
Add a security attributes entry for the binary executable /web/java for the first time:
setfilexsec -r cmptread,cmptwrite \
-R policy,!dacwrite -p cmptread \
-P policy -f start_nil -c web /web/java
The Example 1 command has the following effect:
Supposing that a process does an exec() of the binary /web/java,
the process's attributes are modified as follows:
- The retained privilege set includes at least cmptread and cmptwrite.
- The retained privilege set does not include dacwrite.
- The permitted privilege set includes at least cmptread.
- The permitted privilege set is equal to the policy privilege set
(depends on the inheritable set before the exec()).
- The process changes its compartment to web.
- Since the process is privilege-aware, the effective privilege set is empty
(and the application /web/java
may raise the privileges in the permitted privilege set at run time).
Example 2
Modify the minimum retained privilege set and flags for the same binary:
setfilexsec -r cmptwrite -f start_full /web/java
Because the start_full flag
is specified, the effective privilege set is equal to the permitted
privilege set (the application presumably does not manipulate the
privileges at run time).
Example 3
Delete all extended security attribute entries for the same binary:
WARNINGS
If a binary file that has privilege attributes set is modified or replaced,
the attributes no longer apply to that file, but are still present in
system tables.
These system tables are re-loaded into the kernel if the
system is rebooted (that is, the attributes are applied after the
reboot).
To permanently remove the privilege attributes, run setfilexsec -d.
When replacing a binary,
in order to retain the privileges on the binary without
rebooting, run setfilexsec -d
first to remove the prior privilege attributes, replace the binary,
and then run setfilexsec to re-assign attributes.
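The replacement procedure above, as a shell function. This is an added example, not part of the original manual page or of HP-UX: the name replace_xsec_binary and its argument order are assumptions, and the attribute options to re-assign are supplied by the caller.

```shell
# Added example: hypothetical helper, not part of HP-UX.
# usage: replace_xsec_binary NEW_FILE TARGET [setfilexsec options...]
# The options are the attributes to re-assign, e.g. -r cmptwrite -f start_full
replace_xsec_binary() {
    if [ "$#" -lt 2 ]; then
        echo "usage: replace_xsec_binary new_file target [options...]" >&2
        return 2
    fi
    _new=$1
    _target=$2
    shift 2

    if [ ! -f "$_new" ]; then
        echo "replace_xsec_binary: $_new: not a regular file" >&2
        return 2
    fi

    # Step 1: remove the old entry from the configuration file and the
    # kernel. If this fails, stop before touching the binary.
    if ! setfilexsec -d "$_target"; then
        echo "replace_xsec_binary: setfilexsec -d failed, $_target unchanged" >&2
        return 1
    fi

    # Step 2: replace the binary. Stage a copy next to the target and
    # rename it, so a failed copy never leaves a truncated executable.
    _tmp="$_target.new.$$"
    if ! { cp -p "$_new" "$_tmp" && mv -f "$_tmp" "$_target"; }; then
        rm -f "$_tmp"
        echo "replace_xsec_binary: install failed, old $_target now has no attributes" >&2
        return 1
    fi

    # Step 3: re-assign the attributes to the new file. A failure here
    # leaves the new binary in place with no entry at all, so report it
    # with a distinct status.
    if ! setfilexsec "$@" "$_target"; then
        echo "replace_xsec_binary: $_target installed WITHOUT attributes" >&2
        return 3
    fi
}
```

A return status of 3 means the new binary is in place but carries no security attributes, so the setfilexsec call must be repeated before the binary is used.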