HP-UX Security Containment Extensions B.11.31.03 Release Notes

Some of the fine-grained privileges are now divided more finely. If the HP-UX
ContainmentPlus product (version B.11.31.02 or later) is installed on the system, the
PRIV_SYSATTR, PRIV_MOUNT, and PRIV_DEVOPS privileges are each divided into two
privileges. By using the new privileges, a process can now be allowed a subset of the
operations while being denied the others. See privileges(5).
Fixes for known issues in the HP-UX 11i Security Containment product. See “Known issues
fixed” (page 7).
1.3 Compatibility information and installation requirements
If the HP-UX ContainmentPlus product (version B.11.31.02 or later) is installed on the system,
the PRIV_SYSATTR, PRIV_MOUNT and PRIV_DEVOPS privileges are each divided into two
privileges. The PRIV_SYSATTR privilege is divided into PRIV_CORESYSATTR and
PRIV_HOSTATTR. The PRIV_MOUNT privilege is divided into PRIV_FSMOUNT and
PRIV_SWAPCTL. The PRIV_DEVOPS privilege is divided into PRIV_RDEVOPS and PRIV_PTYOPS.
This new privilege model allows applications, when explicitly developed to be aware of HP-UX
privileges (see privileges(5)), to have finer control over the administrative capabilities that were
controlled by the PRIV_SYSATTR, PRIV_MOUNT and PRIV_DEVOPS privileges.
System calls that manage a system's host and domain names (see setdomainname(2), sethostname(2),
and setuname(2)) now require the PRIV_HOSTATTR privilege.
System calls that manage a system's swap space (see swapctl(2) and swapon(2)) now require the
PRIV_SWAPCTL privilege.
System calls that manage streams-based terminals (see ldterm(7)) now require the PRIV_PTYOPS
privilege.
The above system calls return -1 with errno set to either EPERM or EACCES if the calling
process does not possess the required privilege.
To maintain backward compatibility for HP-UX privilege-aware applications in the new privilege
model, the string representation of the PRIV_SYSATTR, PRIV_DEVOPS, and PRIV_MOUNT
privileges will continue to be supported as compound privileges [PRIV_CORESYSATTR and
PRIV_HOSTATTR], [PRIV_RDEVOPS and PRIV_PTYOPS], and [PRIV_SWAPCTL and
PRIV_FSMOUNT] in the user space. All HP-UX core kernel modules and commands have been
updated to support the new privileges. This ensures that standard and typical HP-UX
privilege-aware applications continue to work in the new privilege model without requiring any
changes, unless you want to take advantage of the new privilege model to gain finer control.
However, in very rare cases, the following incompatibilities can occur:
• An application that manages the host/domain name, system swap space, or streams-based
  terminals, and uses the numeric representation of the PRIV_SYSATTR, PRIV_MOUNT or
  PRIV_DEVOPS privilege to gain, drop, or check the required privileges can fail to perform
  these operations due to a lack of privileges.
• An application that manages the host/domain name, system swap space, or streams-based
  terminals and is linked with the archive version of the libsec library can fail to perform
  these operations due to a lack of privileges.
• An application that relies on how the privileges are converted between their string
  representation and numerical representation and the direct results from the conversion can
  get different results.
If an incompatibility occurs, log your issue with the HP Response Center, either online through
the support case manager at http://www.itrc.hp.com/, or by calling HP Support. You can also
set the privileges_core_enhs kernel tunable to 0 to have the system use the old privilege
model. Note that privileges_core_enhs is a static kernel tunable, so changing it requires a
system reboot.
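The split described in this section can be checked against an inventory of privileged
applications before relying on the new model. The following is an added example, not part of
the HP release notes and not an HP-UX API: a Python model of the compound-name expansion and
the per-call requirements listed above. The inventory format, the function names and the
sample application are assumptions.

```python
# Added example: models the privilege split described in these release notes.
# It calls no HP-UX API; the inventory format is an assumption.

# Legacy string name -> the two privileges it expands to as a compound privilege.
COMPOUND = {
    "PRIV_SYSATTR": {"PRIV_CORESYSATTR", "PRIV_HOSTATTR"},
    "PRIV_MOUNT": {"PRIV_FSMOUNT", "PRIV_SWAPCTL"},
    "PRIV_DEVOPS": {"PRIV_RDEVOPS", "PRIV_PTYOPS"},
}

# Interfaces named in the notes -> privilege they now require.
REQUIRED = {
    "setdomainname": "PRIV_HOSTATTR",
    "sethostname": "PRIV_HOSTATTR",
    "setuname": "PRIV_HOSTATTR",
    "swapctl": "PRIV_SWAPCTL",
    "swapon": "PRIV_SWAPCTL",
    "ldterm": "PRIV_PTYOPS",  # streams-based terminal management
}


def expand(granted):
    """Expand compound (legacy string) names into new-model privileges."""
    out = set()
    for name in granted:
        out |= COMPOUND.get(name, {name})
    return out


def review(granted, calls, numeric_ids=False, archive_libsec=False):
    """Return (missing, unused, at_risk) for one application.

    missing: privileges the listed calls need but the grant lacks
    unused:  HOSTATTR/SWAPCTL/PTYOPS held but not needed by the listed calls
    at_risk: listed calls exposed to the two rare incompatibilities above
    """
    held = expand(granted)
    needed = {REQUIRED[c] for c in calls if c in REQUIRED}
    missing = needed - held
    unused = (held & set(REQUIRED.values())) - needed
    risky = numeric_ids or archive_libsec
    at_risk = sorted(c for c in calls if c in REQUIRED) if risky else []
    return sorted(missing), sorted(unused), at_risk


# Constructed sample: granted two legacy names, only sets the host name,
# and manipulates privileges by numeric value.
SAMPLE = review(["PRIV_SYSATTR", "PRIV_MOUNT"], ["sethostname"], numeric_ids=True)
```

The unused list is only a candidate for removal: it assumes the list of calls given for the
application is complete.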
HP-UX Security Containment Extensions B.11.31.03 has the following hardware requirements: