The following table shows the new resources and the access allowed by the resource.
|
Resource Name |
Access Given |
Functions Affected |
|---|---|---|
|
SUPERUSER.FILESYS.FILE (READ access or higher) |
Allows a user to read any HFS file and read or search any HFS directory |
Open*( for read, opendir(), readlink(), stat(), realpath(0) |
|
SUPERUSER.FILESYS.FILE (UPDATE access or higher) |
Allows a user to write to any existing HFS file. |
Open() for write |
|
SUPERUSER.FILESYS.FILE (CONTROL Access) |
Allows a user to write to any HFS directory. |
Link(), mkdir(), rename(), mdir(), syslink(), unlink() |
|
SUPERUSER.FILESYS.CHOWN |
Allows a user to change ownership of any file. |
Chown() |
|
SUPERUSER.FILESYS.MOUNT |
Allows a user to issue mount, unmount, quiesce, and unquiesce requests. change ownership of any file. |
Mount(), unmount(), quiesce(), unquiesce() |
|
SUPERUSER.FILESYS.PFSCTL |
Allows a user to call pfsctl() |
Pfsctl() |
|
SUPERUSER.FILESYS.VREGISTER |
Allows a user to issue vregister() to register as a vfs file server |
Vregister() |
|
SUPERUSER.IPC.RMID |
Allows a user to do ipcrm calls to clean up leftover IPC mechanisms |
Ipcrm command user of IPC_RMID for msgct(), semctl(), shmctl() |
|
SUPERUSER.PROCESS.GETPSENT |
Allows users to see all processes |
Getpsent()—ps command |
|
SUPERUSER.PROCESS.KILL |
Allows user to send signals to any process |
Kill() |
|
SUPERUSER.PROCESS.PTRACE |
Allows users to use dbx to trace any process |
Dbx |
|
SUPERUSER.SETPRIORITY |
Allows a user to increase his priority. |
Setpriority(), nice() |
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|