z/OS Security Server RACF Callable Services


RACF authorization

SA23-2293-00

  1. R_ptrace checks whether the caller is a superuser, or whether the caller is the owner of the target process. If the caller is the owner of the target process, R_ptrace verifies that the target process is not running a SETUID or SETGID program. If the caller is a superuser, R_ptrace does not verify that the target process is not running a SETUID or SETGID program.
  2. If the caller is neither a superuser nor the process owner, an authorization check is performed on the resource name in the UNIXPRIV class shown in Table 1. If the authorization check is successful, the caller is treated as a superuser.
    Table 1. UNIXPRIV class resource names used in R_ptrace
    | Audit function code | Resource name            | Access required |
    |---------------------|--------------------------|-----------------|
    | N/A                 | SUPERUSER.PROCESS.PTRACE | READ            |
  3. When the SECLABEL class is active, and the high-order bit of the Target_PID is on, R_ptrace checks whether the caller's security label is equivalent to the target process's security label, unless the ACEE indicates trusted or privileged authority.
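
The decision order in steps 1 to 3, modeled in Python as an added example for reviewing who can trace what; it is not IBM's implementation and not part of the original page. Assumptions: UID 0 stands for superuser, Target_PID is a 32-bit value, label equivalence is modeled as string equality, a failed check denies the request, and the class, field and function names are hypothetical.

```python
from dataclasses import dataclass

PTRACE_PROFILE = "SUPERUSER.PROCESS.PTRACE"  # UNIXPRIV resource name from Table 1
HIGH_ORDER_BIT = 0x80000000                  # assumption: Target_PID is 32 bits wide


@dataclass
class Caller:                                # hypothetical model of the caller
    uid: int
    seclabel: str = ""
    unixpriv_read: frozenset = frozenset()   # UNIXPRIV profiles the caller has READ to
    trusted_or_privileged: bool = False      # ACEE trusted/privileged indication


@dataclass
class Target:                                # hypothetical model of the target process
    owner_uid: int
    runs_setuid_or_setgid: bool = False
    seclabel: str = ""


def ptrace_decision(caller, target, target_pid, seclabel_active=False):
    """Return (allowed, basis_or_reason), applying steps 1 to 3 in order."""
    if caller.uid == 0:
        # Step 1: a superuser is not subject to the SETUID/SETGID check.
        basis = "superuser"
    elif caller.uid == target.owner_uid:
        # Step 1: the owner may not trace a SETUID/SETGID program.
        if target.runs_setuid_or_setgid:
            return False, "owner, but target runs a SETUID or SETGID program"
        basis = "owner"
    elif PTRACE_PROFILE in caller.unixpriv_read:
        # Step 2: READ to the UNIXPRIV profile means "treated as a superuser",
        # so the SETUID/SETGID check is skipped here as well.
        basis = "superuser via UNIXPRIV"
    else:
        return False, "not superuser, not owner, no UNIXPRIV access"

    # Step 3: label check only when SECLABEL is active and the PID's
    # high-order bit is on; trusted/privileged callers are exempt.
    if seclabel_active and (target_pid & HIGH_ORDER_BIT):
        if not caller.trusted_or_privileged and caller.seclabel != target.seclabel:
            return False, "security labels are not equivalent"
    return True, basis
```

The model makes one audit point visible: READ access to SUPERUSER.PROCESS.PTRACE lets a non-owner trace SETUID and SETGID programs that the process owner cannot, so the profile's access list deserves the same review as UID 0 assignments.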





Copyright IBM Corporation 1990, 2014