HP HP-UX 11i White Paper


Whitepaper on Method to enable Privileged Process Debugging

Published: October 2012
© Copyright 2010, 2012 Hewlett-Packard Development Company, L.P.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Acknowledgements
Microsoft®, Windows XP®, Windows Vista® and Windows 7® are U.S. registered trademarks of Microsoft Corporation.
UNIX® is a registered trademark of The Open Group.
Linux® is a U.S. registered trademark of Linus Torvalds.
Eclipse® is a trademark of Eclipse Foundation Inc.

Contents

1 Overview
2 Problem statement
3 Solution
    What is RBAC?
    What is FGP?
    Problem with debugging a process with elevated privileges
    Solution using RBAC
4 Limitations
5 Summary

1 Overview

Debugging utilities on HP-UX (for example, tusc and gdb) fail to debug a process that has Fine Grained Privileges unless the debugging utility process has the same or a higher set of privileges. A process cannot inherit the privileges of another process at run time; the privileges must be set on the binary before it is executed. HP-UX has different methods of elevating privileges, which are discussed in the Solution section.

2 Problem statement

Debugging, especially privileged process debugging, has always been important in customer environments. If the debugging process has fewer privileges than the process it is debugging, the user will encounter a permission denied error message.

3 Solution

The user can either set the privileges of the debugger binary manually using the setfilexsec command, or create a new debug role in the RBAC (Role Based Access Control) roles database with hpux.security.access.privrun.* authorizations.
This document provides the details on how to provide the required privileges for debugging processes using RBAC.

What is RBAC?

RBAC (Role-Based Access Control) is an alternative to the all-or-nothing security model of traditional root user-based systems. With RBAC, an administrator can assign roles to non-root users or UNIX groups. Each role has authorizations composed of an operation and object, where the operation is an action that can be performed on an object, and the object is an object the user can access with a given operation. HP-UX RBAC database files are available in the /etc/rbac directory.
For more information on RBAC, refer to the link below.
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp? lang=en=us=101=10008=SupportManual=64255=18964=4164662

What is FGP?

The HP-UX FGP (fine-grained privilege) model splits the powers of root users into a set of privileges. Each privilege grants a process that possesses that privilege the right to a certain set of restricted services provided by the kernel. Privileges can be managed internally by a process with "privilege bracketing". Privilege bracketing is the practice of enabling, or "raising", a privilege only while the privilege is needed, then disabling, or "lowering", the privilege. The privileges that a process has raised determine which sensitive system call services the process can invoke.
For more information, refer to the privileges man pages:
privileges(5): Overview of HP-UX privileges.
privileges(3): Describes fine-grained privileges interfaces.

Problem with debugging a process with elevated privileges

From the Fine Grained Privileges perspective, a process cannot adopt the privileges of an already running process. A process must have the same or a higher set of privileges to attach to another process. Without the required privileges, the debugging process terminates with a permission denied error.
For example, take the debugger tool tusc, which uses ttrace to list the system calls of a running process.
Start the user process:
    # ./test &
    [1] 5926
    #
Check the privileges of the process created above:
    # getprocxsec 5926
    effective= BASIC NETPRIVPORT
    permitted= BASIC NETPRIVPORT
    retained= none
    cmpt= init
    euid= zero
    #
Now try to debug the process using tusc:
    # tusc 5926
    tusc: ttrace(TT_PROC_ATTACH, 5926, 0, 0, dad0001, 0): Permission denied
    tusc: no process to attach to
    #
Since the privileges of the debugger process (tusc here) are lower than those of the test process, the user gets a permission denied error.

Solution using RBAC

Using RBAC is a generic solution that the customer can use with any debugger tool. The user has to follow these steps:
1. Add a new debug role to the RBAC roles database.
    # roleadm add debug
    roleadm: added role debug
    #
2. Assign a new authorization to the debug role in order to add the entry to the cmd_priv database.
    # authadm assign debug hpux.security.access.privrun.*
    authadm added 1 auth for role debug
    #
3. Assign the debug role to the user account from which the user wants to debug.
    # roleadm assign privdbg debug
    roleadm assign done in /etc/rbac/user_role
    #
4. Log in to the user account (privdbg).
    # telnet <hostname>
5. After login, add the debugger tool binary (for example, the tusc binary) to the cmd_priv database with the required privileges (the getprocxsec output above gives the required privileges list).
    # /usr/sbin/cmdprivadm add cmd=/usr/local/bin/tusc \
    op=hpux.security.acess.*,* object='*' \
    ruid=0 euid=0 privs=BASIC,NETPRIVPORT
    /usr/local/bin/tusc::(hpux.security.acess.*,*,*) :0/0/-1/-1::BASIC,NETPRIVPORT::
    cmdprivadm added the entry to /etc/rbac/cmd_priv
    #
6. Check that the user has a privilege shell; if not, update the shell using the usermod command.
    # echo $SHELL
    /usr/bin/privksh
    #
7. Start the user process again.
    # ./test &
    [1] 13646
    #
8. Attach the debugger tool (tusc here) to the PID of the running process.
    # tusc 13646
    ( Attached to process 13646 ("./test") [32-bit] )
    In user-mode ........................................... [running]
    exit(0) .................................. WIFEXITED(0)
    [1] + Done ./test &
    #

4 Limitations

If the customer has more than one application and each has different privileges, the user needs to combine all the privileges into a comma-separated list and add it to the cmd_priv database against tusc.
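The combined list can be derived from getprocxsec output instead of being assembled by hand, which also keeps the debugger's grant no wider than the targets require. The script below is an added example, not part of the HP white paper: it assumes the getprocxsec field layout shown in section 3, and the second application (app2) with its DACREAD privilege is constructed sample data.

```shell
#!/bin/sh
# Added example: derive the privs= list for the debugger's cmd_priv entry
# from getprocxsec output (field layout assumed from the sample on this page).
LC_ALL=C; export LC_ALL

# permitted_privs: getprocxsec text on stdin -> permitted privileges, one per line.
# Accepts one field per line or all fields on one line, "key= A B" or "key=A,B".
permitted_privs() {
    tr -s ' ,\t\n' '\n\n\n\n' | awk '
        /=/ { field = $0; sub(/=.*/, "", field); sub(/^[^=]*=/, "") }
        field == "permitted" && $0 != "" && $0 != "none" { print }'
}

# union_privs FILE...: comma-separated union of the permitted sets of all targets.
union_privs() {
    for f in "$@"; do permitted_privs < "$f"; done | sort -u | paste -s -d , -
}

# missing_privs GRANTED FILE...: privileges the targets hold that GRANTED lacks.
# Empty output means a debugger run with GRANTED covers every target.
missing_privs() {
    granted=$1; shift
    for p in $(union_privs "$@" | tr ',' ' '); do
        case ",$granted," in
            *",$p,"*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done | paste -s -d , -
}

# Constructed sample input: app1 mirrors the getprocxsec output in section 3;
# app2 is a hypothetical second application with a different permitted set.
tmp=${TMPDIR:-/tmp}/xsec.$$
mkdir -p "$tmp"
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/app1.xsec" <<'EOF'
effective= BASIC NETPRIVPORT
permitted= BASIC NETPRIVPORT
retained= none
cmpt= init
euid= zero
EOF
cat > "$tmp/app2.xsec" <<'EOF'
effective= BASIC permitted= BASIC DACREAD retained= none cmpt= init euid= zero
EOF

echo "privs=$(union_privs "$tmp/app1.xsec" "$tmp/app2.xsec")"
echo "missing from BASIC,NETPRIVPORT: $(missing_privs BASIC,NETPRIVPORT "$tmp/app2.xsec")"
```

On a live system the input files would be captured with getprocxsec for each target PID before the cmd_priv entry is updated.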

5 Summary

Debugging tools should have sufficient privileges to debug the processes whose privileges are elevated. We can temporarily elevate and drop privileges of debugging tools using RBAC.
For more information:
http://h21007.www2.hp.com/portal/download/files/unprot/hpux/RBACv1_HP-UX11i.pdf
http://h21007.www2.hp.com/portal/StaticDownload?attachment_ciid=ed0964c3c39f111064c3c39f1110275d6e10RCRD=0c08092f62f02110092f62f02110275d6e10RCRD
Man pages:
privileges(5): Overview of HP-UX privileges.
privileges(3): Describes fine-grained privileges interfaces.