Diffstat (limited to 'cddl/contrib/dtracetoolkit/User/setuids.d')
-rwxr-xr-x | cddl/contrib/dtracetoolkit/User/setuids.d | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/cddl/contrib/dtracetoolkit/User/setuids.d b/cddl/contrib/dtracetoolkit/User/setuids.d
new file mode 100755
index 0000000..f66d441
--- /dev/null
+++ b/cddl/contrib/dtracetoolkit/User/setuids.d
@@ -0,0 +1,82 @@
+#!/usr/sbin/dtrace -s
+/*
+ * setuids.d - snoop setuid calls. This can examine user logins.
+ * Written in DTrace (Solaris 10 3/05).
+ *
+ * $Id: setuids.d 3 2007-08-01 10:50:08Z brendan $
+ *
+ * USAGE: setuids.d
+ *
+ * FIELDS:
+ * UID user ID (from)
+ * SUID set user ID (to)
+ * PPID parent process ID
+ * PID process ID
+ * PCMD parent command
+ * CMD command (full arguments)
+ *
+ * SEE ALSO: BSM auditing
+ *
+ * COPYRIGHT: Copyright (c) 2005 Brendan Gregg.
+ *
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at Docs/cddl1.txt
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * CDDL HEADER END
+ *
+ * 09-May-2004 Brendan Gregg Created this.
+ * 08-May-2005 " " Used modern variable builtins.
+ * 28-Jul-2005 " " Last update.
+ */
+
+#pragma D option quiet
+
+/*
+ * Print header
+ */
+dtrace:::BEGIN
+{
+ printf("%5s %5s %5s %5s %-12s %s\n",
+ "UID", "SUID", "PPID", "PID", "PCMD", "CMD");
+}
+
+/*
+ * Save values
+ */
+syscall::setuid:entry
+{
+ self->uid = uid;
+ self->suid = arg0;
+ self->ok = 1;
+}
+
+/*
+ * Print output on success
+ */
+syscall::setuid:return
+/arg0 == 0 && self->ok/
+{
+ printf("%5d %5d %5d %5d %-12s %S\n",
+ self->uid, self->suid, ppid, pid,
+ curthread->t_procp->p_parent->p_user.u_comm,
+ curpsinfo->pr_psargs);
+}
+
+/*
+ * Cleanup
+ */
+syscall::setuid:return
+{
+ self->uid = 0;
+ self->suid = 0;
+ self->ok = 0;
+}
 |
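Review bot: The header comment presents this script as a way to examine user logins, but the clauses enable only `syscall::setuid:entry` and `syscall::setuid:return`, and the print clause's predicate `/arg0 == 0 && self->ok/` drops every failed call. Identity changes made through other calls, such as seteuid(2) or setreuid(2), and denied setuid attempts therefore never appear in the output, so it is not a complete record of privilege transitions. I would state that limit next to the existing `SEE ALSO: BSM auditing` line, for example `* NOTE: only successful setuid(2) calls are shown; other set*uid calls and failed attempts are not traced.` Separately, the parent-command column reads `curthread->t_procp->p_parent->p_user.u_comm`, which looks tied to the Solaris kernel layout named in the header, so it is worth confirming that the script compiles on the platform this tree targets.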