%!PS
%%Version: 3.3.1
%%DocumentFonts: (atend)
%%Pages: (atend)
%%EndComments
%
% Version 3.3.1 prologue for troff files.
%

/#copies 1 store
/aspectratio 1 def
/formsperpage 1 def
/landscape false def
/linewidth .3 def
/magnification 1 def
/margin 0 def
/orientation 0 def
/resolution 720 def
/rotation 1 def
/xoffset 0 def
/yoffset 0 def

/roundpage true def
/useclippath true def
/pagebbox [0 0 612 792] def

/R  /Times-Roman def
/I  /Times-Italic def
/B  /Times-Bold def
/BI /Times-BoldItalic def
/H  /Helvetica def
/HI /Helvetica-Oblique def
/HB /Helvetica-Bold def
/HX /Helvetica-BoldOblique def
/CW /Courier def
/CO /Courier def
/CI /Courier-Oblique def
/CB /Courier-Bold def
/CX /Courier-BoldOblique def
/PA /Palatino-Roman def
/PI /Palatino-Italic def
/PB /Palatino-Bold def
/PX /Palatino-BoldItalic def
/Hr /Helvetica-Narrow def
/Hi /Helvetica-Narrow-Oblique def
/Hb /Helvetica-Narrow-Bold def
/Hx /Helvetica-Narrow-BoldOblique def
/KR /Bookman-Light def
/KI /Bookman-LightItalic def
/KB /Bookman-Demi def
/KX /Bookman-DemiItalic def
/AR /AvantGarde-Book def
/AI /AvantGarde-BookOblique def
/AB /AvantGarde-Demi def
/AX /AvantGarde-DemiOblique def
/NR /NewCenturySchlbk-Roman def
/NI /NewCenturySchlbk-Italic def
/NB /NewCenturySchlbk-Bold def
/NX /NewCenturySchlbk-BoldItalic def
/ZD /ZapfDingbats def
/ZI /ZapfChancery-MediumItalic def
/S  /S def
/S1 /S1 def
/GR /Symbol def

/inch {72 mul} bind def
/min {2 copy gt {exch} if pop} bind def

/setup {
	counttomark 2 idiv {def} repeat pop

	landscape {/orientation 90 orientation add def} if
	/scaling 72 resolution div def
	linewidth setlinewidth
	1 setlinecap

	pagedimensions
	xcenter ycenter translate
	orientation rotation mul rotate
	width 2 div neg height 2 div translate
	xoffset inch yoffset inch neg translate
	margin 2 div dup neg translate
	magnification dup aspectratio mul scale
	scaling scaling scale

	addmetrics
	0 0 moveto
} def

/pagedimensions {
	useclippath userdict /gotpagebbox known not and {
		/pagebbox [clippath pathbbox newpath] def
		roundpage currentdict /roundpagebbox known and {roundpagebbox} if
	} if
	pagebbox aload pop
	4 -1 roll exch 4 1 roll 4 copy
	landscape {4 2 roll} if
	sub /width exch def
	sub /height exch def
	add 2 div /xcenter exch def
	add 2 div /ycenter exch def
	userdict /gotpagebbox true put
} def

/addmetrics {
	/Symbol /S null Sdefs cf
	/Times-Roman /S1 StandardEncoding dup length array copy S1defs cf
} def

/pagesetup {
	/page exch def
	currentdict /pagedict known currentdict page known and {
		page load pagedict exch get cvx exec
	} if
} def

/decodingdefs [
	{counttomark 2 idiv {y moveto show} repeat}
	{neg /y exch def counttomark 2 idiv {y moveto show} repeat}
	{neg moveto {2 index stringwidth pop sub exch div 0 32 4 -1 roll widthshow} repeat}
	{neg moveto {spacewidth sub 0.0 32 4 -1 roll widthshow} repeat}
	{counttomark 2 idiv {y moveto show} repeat}
	{neg setfunnytext}
] def

/setdecoding {/t decodingdefs 3 -1 roll get bind def} bind def

/w {neg moveto show} bind def
/m {neg dup /y exch def moveto} bind def
/done {/lastpage where {pop lastpage} if} def

/f {
	dup /font exch def findfont exch
	dup /ptsize exch def scaling div dup /size exch def scalefont setfont
	linewidth ptsize mul scaling 10 mul div setlinewidth
	/spacewidth ( ) stringwidth pop def
} bind def

/changefont {
	/fontheight exch def
	/fontslant exch def
	currentfont [
		1 0
		fontheight ptsize div fontslant sin mul fontslant cos div
		fontheight ptsize div
		0 0
	] makefont setfont
} bind def

/sf {f} bind def

/cf {
	dup length 2 idiv
	/entries exch def
	/chtab exch def
	/newencoding exch def
	/newfont exch def

	findfont dup length 1 add dict
	/newdict exch def
	{1 index /FID ne {newdict 3 1 roll put}{pop pop} ifelse} forall

	newencoding type /arraytype eq {newdict /Encoding newencoding put} if

	newdict /Metrics entries dict put
	newdict /Metrics get
	begin
		chtab aload pop
		1 1 entries {pop def} for
		newfont newdict definefont pop
	end
} bind def

%
% A few arrays used to adjust reference points and character widths in some
% of the printer resident fonts. If square roots are too high try changing
% the lines describing /radical and /radicalex to,
%
%	/radical	[0 -75 550 0]
%	/radicalex	[-50 -75 500 0]
%
% Move braceleftbt a bit - default PostScript character is off a bit.
%

/Sdefs [
	/bracketlefttp		[201 500]
	/bracketleftbt		[201 500]
	/bracketrighttp		[-81 380]
	/bracketrightbt		[-83 380]
	/braceleftbt		[203 490]
	/bracketrightex		[220 -125 500 0]
	/radical		[0 0 550 0]
	/radicalex		[-50 0 500 0]
	/parenleftex		[-20 -170 0 0]
	/integral		[100 -50 500 0]
	/infinity		[10 -75 730 0]
] def

/S1defs [
	/underscore		[0 80 500 0]
	/endash			[7 90 650 0]
] def
%
% Tries to round clipping path dimensions, as stored in array pagebbox, so they
% match one of the known sizes in the papersizes array. Lower left coordinates
% are always set to 0.
%

/roundpagebbox {
    7 dict begin
	/papersizes [8.5 inch 11 inch 14 inch 17 inch] def

	/mappapersize {
		/val exch def
		/slop .5 inch def
		/diff slop def
		/j 0 def
		0 1 papersizes length 1 sub {
			/i exch def
			papersizes i get val sub abs
			dup diff le {/diff exch def /j i def} {pop} ifelse
		} for
		diff slop lt {papersizes j get} {val} ifelse
	} def

	pagebbox 0 0 put
	pagebbox 1 0 put
	pagebbox dup 2 get mappapersize 2 exch put
	pagebbox dup 3 get mappapersize 3 exch put
    end
} bind def

%%EndProlog
%%BeginSetup
mark
/linewidth 0.5 def
/xoffset 0 def
/yoffset 0 def
/#copies 1 store
/magnification 1 def
%%FormsPerPage: 1
/formsperpage 1 def

/landscape false def
/resolution 720 def
setup
2 setdecoding
%%EndSetup
%%Page: 1 1
/saveobj save def
mark
1 pagesetup
10 R f
( \( 1 \))3 140( GETLAB)1 4006(GETLAB \( 1 \))3 534 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(getlab \261 print security labels of \256les and processes)8 2008 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(getlab)1080 1368 w
10 R f
([)1465 1368 w
10 CW f
(-d)1523 1368 w
10 R f
(] [)1 91 1 1668 1368 t
10 I f
(\256le ...)1 222 1 1784 1368 t
10 R f
(])2031 1368 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 R f
(If there is a)3 487 1 1080 1656 t
10 I f
(\256le)1604 1656 w
10 R f
(argument,)1763 1656 w
10 I f
(getlab)2202 1656 w
10 R f
(prints, in the style of)4 873 1 2489 1656 t
10 I f
(labtoa)3399 1656 w
10 R f
( the named \256les.)3 694(\(3\), the security labels of)4 1043 2 3663 1656 t
(Otherwise,)1080 1776 w
10 I f
(getlab)1540 1776 w
10 R f
(prints the security label of the process and the process ceiling, The option is)13 3029 1 1815 1776 t
10 CW f
(-d)1080 1944 w
10 R f
(Also print labels of all open \256le descriptors.)7 1754 1 1440 1944 t
(If a \(character special\))3 916 1 1080 2112 t
10 I f
(\256le)2029 2112 w
10 R f
( the \256le descriptor differ, both are)6 1398(can be opened, and the labels of the \256le and)9 1818 2 2184 2112 t
(printed.)1080 2232 w
9 R f
( S)1 2( LE ES)2 109( PL)1 57( MP)1 52( XA AM)2 149(E EX)1 122 6 720 2400 t
10 CW f
(getlab /dev/stdin)1 1020 1 1080 2520 t
10 R f
(Print the labels \(\256le system entry and \256le descriptor\) of the standard input.)12 2972 1 1440 2640 t
10 CW f
(drop getlab -d)2 840 1 1080 2808 t
10 R f
( label, preventing the open-\256le check and the ceiling-label check \(see)10 2802(Print the process)2 672 2 1440 2928 t
10 I f
(getplab)4943 2928 w
10 R f
(\(2\)\))5251 2928 w
(from raising the process label.)4 1206 1 1440 3048 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 3216 t
10 I f
(stat)1080 3336 w
10 R f
(\(1\),)1233 3336 w
10 I f
(get\257ab)1399 3336 w
10 R f
(\(2\),)1679 3336 w
10 I f
(getplab)1845 3336 w
10 R f
(\(2\))2153 3336 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 2027(Page 1)1 269 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 1 1
%%Page: 2 2
/saveobj save def
mark
2 pagesetup
10 R f
( \( 1 \))3 140( NOTARY)1 3984(NOTARY \( 1 \))3 556 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(sign, enroll, verify, key, notaryd)4 1287 1 1080 1080 t
10 S f
(-)2392 1080 w
10 R f
(sign and verify certi\256cates)3 1056 1 2472 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(notary sign)1 660 1 1080 1368 t
(notary enroll)1 780 1 1080 1536 t
10 R f
([)1885 1536 w
10 CW f
(-n)1943 1536 w
10 R f
(])2088 1536 w
10 I f
(name)2146 1536 w
10 CW f
(notary verify)1 780 1 1080 1704 t
10 I f
(name xsum text)2 615 1 1885 1704 t
10 CW f
(lmask xn /usr/notary/notaryd)2 1610 1 1080 1872 t
10 R f
([)2715 1872 w
10 CW f
(-m)2773 1872 w
10 I f
(mtpt)2918 1872 w
10 R f
(] [)1 91 1 3121 1872 t
10 CW f
(-d)3237 1872 w
10 I f
(dir)3382 1872 w
10 R f
(])3524 1872 w
10 CW f
(notary key)1 600 1 1080 2040 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2208 t
10 I f
(Notary)1080 2328 w
10 R f
( user may `sign' a document by presenting it and a)10 2029( Any)1 223( document-authentication service.)2 1352(provides a)1 413 4 1383 2328 t
( \(a cryptographic checksum made with the secret)7 2009( notary returns a certi\256cate)4 1105( The)1 214(secret key to the notary.)4 992 4 1080 2448 t
( public name.)2 563( the certi\256cate to be useful, the key must be enrolled with the notary under some)15 3356(key\). For)1 401 3 1080 2568 t
( may ask the notary to authenticate the document by ver-)10 2278(Given the certi\256cate and the public name, any user)8 2042 2 1080 2688 t
(ifying that it is indeed as certi\256ed.)6 1363 1 1080 2808 t
10 I f
(Sign)1080 2976 w
10 R f
( secret key is demanded from the)6 1343( The)1 209( certi\256cate for its standard input.)5 1318(writes on the standard output a)5 1244 4 1286 2976 t
(terminal.)1080 3096 w
10 I f
(Enroll)1080 3264 w
10 R f
( with the public)3 634(prompts the terminal for a secret key to associate)8 1973 2 1363 3264 t
10 I f
(name)3998 3264 w
10 R f
( this is a new enroll-)5 828(. Unless)1 350 2 4222 3264 t
(ment for)1 347 1 1080 3384 t
10 I f
(name,)1458 3384 w
10 R f
(indicated by option)2 784 1 1730 3384 t
10 CW f
(-n)2545 3384 w
10 R f
( a)1 74( If)1 121( of the key is demanded from the terminal.)8 1740(, the previous value)3 800 4 2665 3384 t
(trivial new key is presented, the)5 1270 1 1080 3504 t
10 I f
(name)2375 3504 w
10 R f
(is erased from the database.)4 1105 1 2616 3504 t
10 I f
(Verify)1080 3672 w
10 R f
(tells whether)1 513 1 1349 3672 t
10 I f
(xsum)1887 3672 w
10 R f
(is the checksum of)3 746 1 2117 3672 t
10 I f
(text,)2888 3672 w
10 R f
(\256gured with the enrolled key for the public)7 1717 1 3082 3672 t
10 I f
(name)4824 3672 w
10 R f
(.)5048 3672 w
10 I f
(Notaryd)1080 3840 w
10 R f
(is the notary daemon, which mounts itself on)7 1834 1 1438 3840 t
10 I f
(mtpt)3302 3840 w
10 R f
(\(default)3510 3840 w
10 CW f
(/cs/notary)3851 3840 w
10 R f
(\) and keeps its log \256les)5 949 1 4451 3840 t
(and database in directory)3 1006 1 1080 3960 t
10 I f
(dir)2112 3960 w
10 R f
(\(default)2255 3960 w
10 CW f
(/usr/notary)2591 3960 w
10 R f
(\). The database is encrypted, so that although)7 1812 1 3251 3960 t
10 I f
(notaryd)5089 3960 w
10 R f
(is normally started by)3 905 1 1080 4080 t
10 I f
(rc)2022 4080 w
10 R f
(\(8\), it cannot serve other requests until it has been primed by a)12 2637 1 2113 4080 t
10 CW f
(notary key)1 613 1 4787 4080 t
10 R f
(request, which obtains the notary's master key from the terminal.)9 2604 1 1080 4200 t
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 4368 t
10 CW f
(/cs/notary)1080 4488 w
(/usr/notary/*)1080 4608 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 4776 t
10 I f
(notary)1080 4896 w
10 R f
(\(3\))1349 4896 w
( 2)1 75( Page)1 1989( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 2 2
%%Page: 3 3
/saveobj save def
mark
3 pagesetup
10 R f
( \( 1 \))3 140( PASSWD)1 3994(PASSWD \( 1 \))3 546 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(passwd, pwx)1 516 1 1080 1080 t
10 S f
(-)1621 1080 w
10 R f
(change login password)2 915 1 1701 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(passwd)1080 1368 w
10 R f
([)1465 1368 w
10 CW f
(-an)1523 1368 w
10 R f
(] [)1 91 1 1728 1368 t
10 I f
(name)1844 1368 w
10 R f
(])2085 1368 w
10 CW f
(priv pwx)1 480 1 1080 1536 t
10 R f
([ [)1 91 1 1585 1536 t
10 CW f
(-qcd)1701 1536 w
10 R f
(])1966 1536 w
10 I f
(name)2024 1536 w
10 R f
(] ])1 91 1 2265 1536 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1704 t
10 I f
(Passwd)1080 1824 w
10 R f
(changes a password associated with the user)6 1768 1 1411 1824 t
10 I f
(name)3204 1824 w
10 R f
(\(your own name by default\).)4 1139 1 3445 1824 t
( The)1 215( caller must supply both.)4 1026( The)1 215( the new one.)3 562(The program prompts for the old password and then for)9 2302 5 1080 1992 t
(new password must be typed twice, to forestall mistakes.)8 2275 1 1080 2112 t
( alphabet and at least six)5 1004(New passwords must be at least four characters long if they use a suf\256ciently rich)14 3316 2 1080 2280 t
( rules are relaxed if you are insistent enough.)8 1793( These)1 288(characters long if monocase.)3 1141 3 1080 2400 t
( he knows the)3 564(Only the owner of the name or the super-user may change a password; the owner must prove)16 3756 2 1080 2568 t
(old password.)1 555 1 1080 2688 t
(If the)1 213 1 1080 2856 t
10 CW f
(-a)1318 2856 w
10 R f
(option is given,)2 620 1 1463 2856 t
10 I f
(passwd)2108 2856 w
10 R f
(prompts for new values of certain \256elds of the password \256le entry.)11 2651 1 2428 2856 t
(The super-user may use the)4 1113 1 1080 3024 t
10 CW f
(-n)2222 3024 w
10 R f
( prompts are self-explanatory, and most of)6 1724( The)1 210(option to install new users.)4 1095 3 2371 3024 t
( null response to the)4 845( A)1 132(the defaults obvious.)2 850 3 1080 3144 t
10 CW f
(UID:)2942 3144 w
10 R f
( one greater than the)4 850(prompt assigns a numeric userid)4 1333 2 3217 3144 t
(largest one previously in)3 1012 1 1080 3264 t
10 CW f
(/etc/passwd)2126 3264 w
10 R f
(. A null response to)4 816 1 2786 3264 t
10 CW f
(Directory:)3636 3264 w
10 R f
( in)1 113(assigns a home directory)3 1017 2 4270 3264 t
10 CW f
(/usr)1080 3384 w
10 R f
( the \256rst character of the response to this prompt is an asterisk, the remaining characters are taken)17 3959(. If)1 121 2 1320 3384 t
(as the name of the new user's home directory, and a symbolic link to this directory is placed in)18 3786 1 1080 3504 t
10 CW f
(/usr)4891 3504 w
10 R f
(.)5131 3504 w
( \256le named)2 568(A new user's home directory starts with a)7 2093 2 1080 3672 t
10 CW f
(.profile)3828 3672 w
10 R f
(, which is a copy of)5 1092 1 4308 3672 t
10 CW f
(/etc/stdprofile)1080 3792 w
10 R f
(with)2018 3792 w
10 CW f
(\\N)2234 3792 w
10 R f
(replaced by the user's name, and)5 1372 1 2392 3792 t
10 CW f
(\\D)3802 3792 w
10 R f
(replaced by the name of the user's)6 1440 1 3960 3792 t
(home directory.)1 632 1 1080 3912 t
10 I f
(Pwx)1080 4080 w
10 R f
( \256le,)1 183(modi\256es the password entry for the named user in the secret password)11 2847 2 1281 4080 t
10 I f
(pw\256le)4341 4080 w
10 R f
( no option)2 416(\(5\). With)1 396 2 4588 4080 t
10 I f
(pwx)1080 4200 w
10 R f
( options are)2 466( The)1 205(changes the classical password for the named user, or the invoker by default.)12 3065 3 1266 4200 t
10 CW f
(-c)1080 4368 w
10 R f
( a \256ctitious user, `pwedit', is demanded.)6 1619( special editing password for)4 1156( A)1 124(Change other information.)2 1061 4 1440 4368 t
(Then)1440 4488 w
10 I f
(pwx)1679 4488 w
10 R f
( clear-)1 259(prompts for treatment of the user password, SNK key, maximum privilege, and)11 3267 2 1874 4488 t
(ance \(maximum ceiling\).)2 1001 1 1440 4608 t
10 CW f
(-d)1080 4776 w
10 R f
( editing password is demanded.)4 1257( The)1 205(Delete an entry.)2 634 3 1440 4776 t
10 CW f
(-q)1080 4944 w
10 R f
( a correct password is entered, return status 0; otherwise nonzero.)10 2610( If)1 116(Demand the user password.)3 1103 3 1440 4944 t
(Options)1080 5112 w
10 CW f
(-c)1422 5112 w
10 R f
(and)1567 5112 w
10 CW f
(-d)1736 5112 w
10 R f
(require)1881 5112 w
10 CW f
(T_SETPRIV)2188 5112 w
10 R f
(privilege.)2753 5112 w
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 5280 t
10 CW f
(/etc/passwd)1080 5400 w
(/etc/stdprofile)1080 5520 w
(/etc/pwfile)1080 5640 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 5808 t
10 I f
(crypt)1080 5928 w
10 R f
(\(3\),)1293 5928 w
10 I f
(passwd)1459 5928 w
10 R f
(\(5\),)1762 5928 w
10 I f
(pw\256le)1928 5928 w
10 R f
(\(5\))2175 5928 w
(Robert Morris and Ken Thompson, `UNIX password security,')7 2536 1 1080 6048 t
10 I f
(AT&T Bell Laboratories Technical Journal)4 1756 1 3644 6048 t
10 R f
(63 \(1984\) 1649-1672)2 849 1 1080 6168 t
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 6336 t
10 R f
(The password \256le information should be kept in a different data structure allowing indexed access.)14 3940 1 1080 6456 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 2027(Page 3)1 269 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 3 3
%%Page: 4 4
/saveobj save def
mark
4 pagesetup
10 R f
( \( 1 \))3 140( PCOPY)1 4077(PCOPY \( 1 \))3 463 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(pcopy \261 paranoid \256le copy)4 1065 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 R f
([)1080 1368 w
10 CW f
(priv)1138 1368 w
10 R f
(])1403 1368 w
10 CW f
(pcopy)1461 1368 w
10 R f
([)1786 1368 w
10 I f
(input output)1 487 1 1844 1368 t
10 R f
(])2356 1368 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 I f
(Pcopy)1080 1656 w
10 R f
( The)1 218(copies an input \256le to an output \256le preserving, if possible, \256le ownership, dates, and label.)15 3816 2 1366 1656 t
(copying is performed in such a way as to assure faithfulness even in the presence of interfering processes.)17 4223 1 1080 1776 t
(Privilege, obtained via)2 908 1 1080 1944 t
10 I f
(priv)2016 1944 w
10 R f
( able to write the)4 687( user must be)3 539( The)1 208(\(1\), is required to reproduce privileged \256les.)6 1781 4 2185 1944 t
(output \256le, and be able to read and write \256les with the label of the input \256le.)16 3036 1 1080 2064 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 2232 t
10 I f
(cp)1080 2352 w
10 R f
(\(1\),)1182 2352 w
10 I f
(pex)1348 2352 w
10 R f
(\(4\))1494 2352 w
( 4)1 75( Page)1 1989( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 4 4
%%Page: 5 5
/saveobj save def
mark
5 pagesetup
10 R f
( \( 1 \))3 140( PRIV)1 4172(PRIV \( 1 \))3 368 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(priv, privedit \261 run a command with privileges)7 1865 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(priv)1080 1368 w
10 R f
([)1345 1368 w
10 I f
(option ...)1 356 1 1403 1368 t
10 R f
(] [)1 91 1 1784 1368 t
10 I f
(command arg ...)2 652 1 1900 1368 t
10 R f
(])2577 1368 w
10 CW f
(priv privedit)1 780 1 1080 1536 t
10 I f
(node changes)1 546 1 1885 1536 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1704 t
10 R f
(If a)1 138 1 1080 1824 t
10 I f
(command)1246 1824 w
10 R f
(is given,)1 343 1 1662 1824 t
10 I f
(priv)2034 1824 w
10 R f
(determines from the)2 812 1 2224 1824 t
10 I f
(privs)3065 1824 w
10 R f
(\(5\) \256le the most speci\256cally matching)5 1533 1 3273 1824 t
10 CW f
(REQUEST)4835 1824 w
10 R f
(for)5284 1824 w
(which the process has all the)5 1155 1 1080 1944 t
10 CW f
(NEEDS)2262 1944 w
10 R f
(and to which it has)4 763 1 2589 1944 t
10 CW f
(ACCESS)3379 1944 w
10 R f
(\(terminology explained in)2 1040 1 3765 1944 t
10 I f
(privs)4831 1944 w
10 R f
( a)1 70(\(5\)\). If)1 291 2 5039 1944 t
(unique most speci\256c match is found,)5 1481 1 1080 2064 t
10 I f
(priv)2589 2064 w
10 R f
( if the con\256rmation is)4 877( Then,)1 283(asks for con\256rmation.)2 880 3 2778 2064 t
10 CW f
(y)4847 2064 w
10 R f
(, the request)2 493 1 4907 2064 t
( are set according to the pertinent entry in)8 1663( and process ceiling)3 793( Privileges)1 451(is executed.)1 472 4 1080 2184 t
10 CW f
(/etc/privs)4484 2184 w
10 R f
(and the)1 291 1 5109 2184 t
(current directory is set to a place with security label)9 2110 1 1080 2304 t
10 CW f
(L_NO)3220 2304 w
10 R f
(; see)1 185 1 3460 2304 t
10 I f
(get\257ab)3675 2304 w
10 R f
( relative pathnames won't)3 1049(\(2\). Thus)1 396 2 3955 2304 t
(work in the)2 455 1 1080 2424 t
10 I f
(command)1560 2424 w
10 R f
(until it executes)2 633 1 1973 2424 t
10 I f
(chdir)2631 2424 w
10 R f
(\(2\).)2850 2424 w
(If no command is given, the contents of the)8 1734 1 1080 2592 t
10 I f
(privs)2839 2592 w
10 R f
(\256le are printed on the standard output.)6 1523 1 3064 2592 t
(The options are)2 621 1 1080 2760 t
10 CW f
(-n)1080 2928 w
10 R f
( not execute them except, if)5 1173( Do)1 186( report authorization and actions.)4 1373(Determine and)1 603 4 1440 2928 t
10 CW f
(PRIVEDIT)4814 2928 w
10 R f
(is)5333 2928 w
(requested, place the edited privilege \256le on the standard output.)9 2532 1 1440 3048 t
10 CW f
(-f)1080 3216 w
10 I f
(servfile)1233 3216 w
10 R f
(Use)1440 3336 w
10 I f
(serv\256le)1620 3336 w
10 R f
(instead of)1 391 1 1933 3336 t
10 CW f
(/cs/priv)2349 3336 w
10 R f
(, to use a non-standard privilege server.)6 1574 1 2829 3336 t
( for each argument of the \256rst request is)8 1663(One request is more speci\256c than another if the regular language)10 2657 2 1080 3504 t
(contained in the corresponding language for the second request, and at least one containment is proper.)15 4111 1 1080 3624 t
( must come from the same trusted)6 1402( Both)1 253( error and standard input are used for con\256rmations.)8 2140(The standard)1 525 4 1080 3792 t
( see)1 162(source, either a pexable stream with a stream identi\256er, or a pipe from a trusted process;)15 3682 2 1080 3912 t
10 I f
(pex)4959 3912 w
10 R f
(\(4\) and)1 295 1 5105 3912 t
10 I f
(stream)1080 4032 w
10 R f
(\(4\).)1360 4032 w
10 I f
(Privedit)1080 4200 w
10 R f
(applies to the)2 539 1 1430 4200 t
10 I f
(privs)1997 4200 w
10 R f
(\256le the modi\256cations given in the)5 1357 1 2225 4200 t
10 I f
(changes)3610 4200 w
10 R f
( of the authoriza-)3 696( the part)2 333(\256le. Only)1 406 3 3965 4200 t
( the given)2 420(tion tree rooted at)3 749 2 1080 4320 t
10 I f
(node)2287 4320 w
10 R f
( form of)2 353( The)1 218(may be changed.)2 699 3 2519 4320 t
10 I f
(changes)3827 4320 w
10 R f
(is described in)2 603 1 4192 4320 t
10 I f
(privs)4833 4320 w
10 R f
(\(5\). The)1 359 1 5041 4320 t
( \()1 95( con\256rmation is requested.)3 1096(changes are echoed and)3 976 3 1080 4440 t
10 I f
(Privedit,)3255 4440 w
10 R f
(like any other)2 573 1 3639 4440 t
10 I f
(command,)4249 4440 w
10 R f
(is a conventional)2 701 1 4699 4440 t
(token de\256ned by the)3 813 1 1080 4560 t
10 I f
(privs)1918 4560 w
10 R f
(\256le; it is not built in.\))5 852 1 2143 4560 t
10 I f
(Priv)1080 4728 w
10 R f
( the same reason it)4 787( For)1 200( environment to prevent hidden corruption by untrusted processes.)8 2737(clears the)1 389 4 1287 4728 t
( you see is what it will do.)7 1050( What)1 266(asks con\256rmation of the argument list.)5 1538 3 1080 4848 t
(The real work of)3 697 1 1080 5016 t
10 I f
(priv)1812 5016 w
10 R f
(is done by)2 431 1 2008 5016 t
10 I f
(privserv)2474 5016 w
10 R f
(\(8\).)2809 5016 w
10 I f
(Priv)3010 5016 w
10 R f
(communicates with)1 790 1 3217 5016 t
10 I f
(privserv)4042 5016 w
10 R f
(via a pipe that the latter)5 995 1 4405 5016 t
(mounts on)1 420 1 1080 5136 t
10 CW f
(/cs/priv)1525 5136 w
10 R f
(.)2005 5136 w
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 5304 t
10 CW f
(/etc/privs)1080 5424 w
(/cs/priv)1080 5544 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 5712 t
10 I f
(privs)1080 5832 w
10 R f
(\(5\),)1288 5832 w
10 I f
(privserv)1454 5832 w
10 R f
(\(8\),)1789 5832 w
10 I f
(session)1955 5832 w
10 R f
(\(1\))2252 5832 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 6000 t
10 R f
(If a)1 135 1 1080 6120 t
10 I f
(command)1240 6120 w
10 R f
(is performed,)1 532 1 1653 6120 t
10 I f
(priv)2210 6120 w
10 R f
(returns the result of the last constituent action; see)8 2003 1 2396 6120 t
10 I f
(privs)4424 6120 w
10 R f
(\(5\).)4632 6120 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 6288 t
10 R f
(Trailing null)1 503 1 1080 6408 t
10 I f
(args)1608 6408 w
10 R f
(are deleted.)1 459 1 1811 6408 t
(The standard input and standard error cannot freely be redirected.)9 2614 1 1080 6528 t
( mitigated if requests were assessed in)6 1573( would be)2 408( This)1 235(It is possible for a password to be demanded twice.)9 2104 4 1080 6648 t
(decreasing order of speci\256city instead of table order.)7 2100 1 1080 6768 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 2027(Page 5)1 269 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 5 5
%%Page: 6 6
/saveobj save def
mark
6 pagesetup
10 R f
( \( 1 \))3 140( REDMAIL)1 3945(REDMAIL \( 1 \))3 595 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(redmail, blackmail \261 multilevel mail)4 1458 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(redmail)1080 1368 w
(blackmail)1080 1536 w
10 I f
(maildir)1645 1536 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1704 t
10 R f
(These commands arrange for the delivery and receipt of mail with varying security labels.)13 3592 1 1080 1824 t
10 I f
(Redmail)1080 1992 w
10 R f
(simulates)1438 1992 w
10 I f
(mail)1841 1992 w
10 R f
(\(1\) for reading multilevel mail.)4 1240 1 2027 1992 t
(To receive timely noti\256cation of multilevel mail, set the shell variable)10 2795 1 1080 2160 t
10 CW f
(MAIL)3900 2160 w
10 R f
(to)4165 2160 w
10 I f
(maildir)4268 2160 w
10 CW f
(/FLAG)4571 2160 w
10 I f
(.)4879 2160 w
(Blackmail)1080 2328 w
10 R f
( private mail directory)3 896(delivers multilevel mail to the)4 1204 2 1511 2328 t
10 I f
(maildir.)3638 2328 w
10 R f
(To arrange for incoming mail to be)6 1415 1 3985 2328 t
(handled by)1 444 1 1080 2448 t
10 I f
(blackmail,)1552 2448 w
10 R f
(provide a directory)2 765 1 1999 2448 t
10 I f
(maildir)2792 2448 w
10 R f
(\(conventionally)3114 2448 w
10 CW f
(.mail)3768 2448 w
10 R f
(in your home directory\) and edit)5 1305 1 4095 2448 t
(a single line like)3 658 1 1080 2568 t
10 CW f
(Pipe to blackmail $HOME/.mail)3 1740 1 1440 2736 t
10 R f
(into your regular mailbox,)3 1073 1 1080 2904 t
10 CW f
(/usr/spool/mail/)2186 2904 w
10 I f
(logname.)3154 2904 w
10 R f
(Thereafter a separate)2 852 1 3581 2904 t
10 I f
(blackmail)4467 2904 w
10 R f
(process runs)1 505 1 4895 2904 t
( receive the security label of their source.)7 1645( Letters)1 327(for each letter.)2 578 3 1080 3024 t
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 3192 t
10 CW f
($HOME/.mail/*)1080 3312 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 3480 t
10 I f
(mail)1080 3600 w
10 R f
(\(1\))1266 3600 w
( 6)1 75( Page)1 1989( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 6 6
%%Page: 7 7
/saveobj save def
mark
7 pagesetup
10 R f
( \( 1 \))3 140( SESSION)1 3994(SESSION \( 1 \))3 546 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(session, drop, runlow \261 substitute labels temporarily)6 2088 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(session)1080 1368 w
10 R f
([)1525 1368 w
10 I f
(option ...)1 356 1 1583 1368 t
10 R f
(])1964 1368 w
10 CW f
(priv session)1 720 1 1080 1536 t
10 R f
([)1825 1536 w
10 I f
(option ...)1 356 1 1883 1536 t
10 R f
(])2264 1536 w
10 CW f
(runlow)1080 1704 w
10 I f
(command)1465 1704 w
10 CW f
(drop)1080 1872 w
10 R f
([)1345 1872 w
10 CW f
(-l)1403 1872 w
10 I f
(label)1548 1872 w
10 R f
(] [)1 91 1 1773 1872 t
10 I f
(command-arg ...)1 660 1 1889 1872 t
10 R f
(])2574 1872 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2040 t
10 I f
(Session)1080 2160 w
10 R f
( ceiling is raised sufficiently)4 1152( The)1 210( security label for the duration of one command.)8 1967(sets a temporary)2 662 4 1409 2160 t
( no)1 132( If)1 123(to cover the requested label, up to the authorization recorded for the current login name.)14 3612 3 1080 2280 t
10 I f
(command-)4979 2280 w
(args)1080 2400 w
10 R f
( be a shell:)3 448(are given, the command is taken to)6 1425 2 1288 2400 t
10 I f
(sh)3192 2400 w
10 R f
(\(1\) above the system floor, or)5 1211 1 3289 2400 t
10 I f
(nosh)4531 2400 w
10 R f
( With)1 256(\(8\) below.)1 416 2 4728 2400 t
10 I f
(command-args,)1080 2520 w
10 R f
(the specified command is run; there is no shell-like path search.)10 2543 1 1729 2520 t
( label is below the system)5 1070(If the current ceiling does not dominate the new ceiling, or the the new process)14 3250 2 1080 2688 t
(floor and does not dominate the current label)7 1794 1 1080 2808 t
10 I f
(session)2899 2808 w
10 R f
(must be invoked through)3 997 1 3213 2808 t
10 I f
(priv)4235 2808 w
10 R f
(\(1\).)4404 2808 w
(The options are)2 621 1 1080 2976 t
10 CW f
(-l)1080 3144 w
10 I f
(label)1233 3144 w
10 R f
( and the label of the standard input to the given value, speci\256ed as in)14 2808(Set the process label)3 830 2 1440 3264 t
10 I f
(atolab)5108 3264 w
10 R f
(;)5372 3264 w
(see)1440 3384 w
10 I f
(labtoa)1596 3384 w
10 R f
( label, clear the environment and)5 1323( the value does not dominate the current process)8 1956(\(3\). If)1 261 3 1860 3384 t
( If)1 116(pass no arguments to the invoked command.)6 1779 2 1440 3504 t
10 I f
(label)3360 3504 w
10 R f
(is missing, it is taken to be the system \257oor.)9 1754 1 3585 3504 t
10 CW f
(-C)1080 3672 w
10 I f
(label)1233 3672 w
10 R f
( If)1 118( the given value.)3 666(Set the process ceiling at or above)6 1370 3 1440 3792 t
10 I f
(label)3621 3792 w
10 R f
(is missing, it is taken to be the process)8 1552 1 3848 3792 t
(label.)1440 3912 w
10 CW f
(-u)1080 4080 w
10 I f
(user)1233 4080 w
10 R f
(The password for)2 712 1 1440 4080 t
10 I f
(user)2184 4080 w
10 R f
( fact that the password has been presented will be)9 2048( The)1 213(will be demanded.)2 751 3 2388 4080 t
(recorded in the stream identi\256er \(see)5 1475 1 1440 4200 t
10 I f
(stream)2943 4200 w
10 R f
( the duration of the ses-)5 950( For)1 192(\(4\)\) of the standard input.)4 1035 3 3223 4200 t
( If)1 119( succeed automatically.)2 940(sion, further queries for that password will)6 1712 3 1440 4320 t
10 I f
(user)4239 4320 w
10 R f
(is missing, it is taken to)5 961 1 4439 4320 t
(be the current login name.)4 1045 1 1440 4440 t
10 CW f
(-x)1080 4608 w
10 R f
(Replace current session instead of suspending it for the duration of the new session \(like)14 3584 1 1440 4608 t
10 CW f
(exec)5053 4608 w
10 R f
(in)5322 4608 w
10 I f
(sh)1440 4728 w
10 R f
(\(1\)\).)1537 4728 w
10 CW f
(-c)1080 4896 w
10 I f
(command-arg ...)1 660 1 1233 4896 t
10 R f
( option must come last.)4 931( This)1 228(Instead of a shell, run the given command with the given arguments.)11 2738 3 1440 5016 t
( over a trustable channel, in particular neither from an)9 2348(To change labels, the input source must come)7 1972 2 1080 5184 t
( request may)2 516( The)1 209(untrusted computer nor from a terminal into which untrusted code has been downloaded.)12 3595 3 1080 5304 t
( has tampered with it; answer)5 1213(require con\256rmation to assure that no software)6 1905 2 1080 5424 t
10 CW f
(y)4231 5424 w
10 R f
( and)1 177( Con\256rmation)1 592(for yes.)1 307 3 4324 5424 t
( of)1 113(password inquiries happen under cover)4 1587 2 1080 5544 t
10 I f
(pex)2810 5544 w
10 R f
( a)1 74(\(4\). In)1 279 2 2956 5544 t
10 I f
(mux)3339 5544 w
10 R f
(\(9.1\) window, this gives a visible indication; a)7 1887 1 3513 5544 t
(missing indication is a sign of spoo\256ng.)6 1593 1 1080 5664 t
10 I f
(Runlow)1080 5832 w
10 R f
( label at bottom, somewhat like)5 1265(runs a command, starting the)4 1161 2 1412 5832 t
10 CW f
(session -l 0)2 724 1 3865 5832 t
10 R f
(, but without chang-)3 811 1 4589 5832 t
( executable \256le is located according to environment variable)8 2414( The)1 206(ing the label of the standard input.)6 1374 3 1080 5952 t
10 CW f
($PATH)5100 5952 w
10 R f
(as in)1 193 1 1080 6072 t
10 I f
(sh)1305 6072 w
10 R f
( environment lists, but inherits open \256le descrip-)7 1994( command receives empty argument and)5 1651(\(1\). The)1 353 3 1402 6072 t
( process label will immediately rise to dominate that of the exe-)11 2577( The)1 209(tors; only descriptors 0-3 are allowed.)5 1534 3 1080 6192 t
(cutable \256le.)1 466 1 1080 6312 t
10 I f
(Drop)1080 6480 w
10 R f
( ceiling to)2 404(sets the process)2 623 2 1317 6480 t
10 I f
(label)2371 6480 w
10 R f
(\(by default to the process label\) for the running of one)10 2182 1 2598 6480 t
10 I f
(command)4807 6480 w
10 R f
(with)5222 6480 w
(the given)1 369 1 1080 6600 t
10 I f
(arguments.)1474 6600 w
10 R f
(If no)1 191 1 1946 6600 t
10 I f
(command)2162 6600 w
10 R f
(is given,)1 339 1 2575 6600 t
10 CW f
(/bin/sh)2939 6600 w
10 R f
(is run.)1 250 1 3384 6600 t
(The current process label, process licenses, terminal label, and environment are preserved.)11 3604 1 1080 6768 t
9 R f
( S)1 2( LE ES)2 109( PL)1 57( MP)1 52( XA AM)2 149(E EX)1 122 6 720 6936 t
10 CW f
(priv session -C ffff...)3 1380 1 1080 7056 t
10 R f
(Change ceiling to the maximum authorized for the current user.)9 2540 1 1440 7176 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 2027(Page 7)1 269 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 7 7
%%Page: 8 8
/saveobj save def
mark
8 pagesetup
10 R f
( \( 1 \))3 140( SESSION)1 3994(SESSION \( 1 \))3 546 3 720 480 t
10 CW f
(priv session -l 0)3 1020 1 1080 960 t
(cd /usr/src)1 660 1 1080 1080 t
10 R f
( out of the black-hole directory that)6 1540( Get)1 215( terminal subsession.)2 878(Enter a bottom-label interactive)3 1327 4 1440 1200 t
10 I f
(priv)1440 1320 w
10 R f
(\(1\) leaves you in.)3 693 1 1609 1320 t
10 CW f
( not useful)2 660( #)1 300(runlow /bin/sh)1 840 3 1080 1488 t
10 R f
( the shell reads)3 626( When)1 297(An attempt to fool the system into giving a bottom-label interactive shell.)11 3037 3 1440 1608 t
(from standard input, its label will revert to that of the current session.)12 2769 1 1440 1728 t
10 CW f
(drop ls -l *)3 720 1 1080 1896 t
(drop pwd)1 480 1 1080 2016 t
10 R f
( directories examined by)3 987(Prevent the process label from rising to cover the labels of \256les in the)13 2771 2 1440 2136 t
10 I f
(ls)5224 2136 w
10 R f
(or)5317 2136 w
10 I f
(pwd.)1440 2256 w
10 R f
(\(If the label did rise, the output could not get to the terminal.\))12 2453 1 1657 2256 t
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 2424 t
10 CW f
(/dev/log/sessionlog)1080 2544 w
(/etc/pwfile)1080 2664 w
(/etc/floor)1080 2784 w
(/bin/sh)1080 2904 w
(/etc/nosh)1080 3024 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 3192 t
10 I f
(sh)1080 3312 w
10 R f
(\(1\),)1177 3312 w
10 I f
(get\257ab)1343 3312 w
10 R f
(\(2\),)1623 3312 w
10 I f
(getplab)1789 3312 w
10 R f
(\(2\),)2097 3312 w
10 I f
(exec)2263 3312 w
10 R f
(\(2\),)2447 3312 w
10 I f
(pw\256le)2613 3312 w
10 R f
(\(5\),)2860 3312 w
10 I f
(login)3026 3312 w
10 R f
(\(8\),)3240 3312 w
10 I f
(nosh)3406 3312 w
10 R f
(\(8\),)3603 3312 w
10 I f
(pwserv)3769 3312 w
10 R f
(\(8\))4060 3312 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 3480 t
10 R f
(`Sorry', instead of asking for a password: untrusted channel.)8 2412 1 1080 3600 t
( 8)1 75( Page)1 1989( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 8 8
%%Page: 9 9
/saveobj save def
mark
9 pagesetup
10 R f
( \( 1 \))3 140( SETLAB)1 4022(SETLAB \( 1 \))3 518 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(setlab, downgrade, setpriv \261 set security label on \256les)8 2136 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(setlab)1080 1368 w
10 R f
([)1465 1368 w
10 I f
(option ...)1 356 1 1523 1368 t
10 R f
(])1904 1368 w
10 I f
(label \256le ...)2 447 1 1962 1368 t
10 R f
(])2434 1368 w
10 CW f
(priv downgrade)1 840 1 1080 1536 t
10 R f
([)1945 1536 w
10 CW f
(-v)2003 1536 w
10 R f
(])2148 1536 w
10 I f
(delta \256le ...)2 447 1 2206 1536 t
10 CW f
(priv setpriv)1 720 1 1080 1704 t
10 I f
(cap lic \256le ...)3 516 1 1825 1704 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1872 t
10 I f
(Setlab)1080 1992 w
10 R f
(sets the security label on the named)6 1432 1 1357 1992 t
10 I f
(\256les,)2816 1992 w
10 R f
( The)1 208( the standard input if no \256les are named.)8 1630(or on)1 210 3 3029 1992 t
10 I f
(label)5105 1992 w
10 R f
(is)5333 1992 w
(a single argument in the style accepted by)7 1672 1 1080 2112 t
10 I f
(atolab)2777 2112 w
10 R f
(; see)1 180 1 3041 2112 t
10 I f
(labtoa)3246 2112 w
10 R f
( options are)2 466(\(3\). The)1 346 2 3510 2112 t
10 CW f
(-a)1080 2280 w
10 R f
(Add)1440 2280 w
10 I f
(label)1637 2280 w
10 R f
(to the current \256le label \()5 962 1 1862 2280 t
10 I f
(new)2832 2280 w
10 R f
(=)3001 2280 w
10 I f
(old)3065 2280 w
10 S f
(\357)3201 2280 w
10 I f
(label)3258 2280 w
10 R f
(\).)3458 2280 w
10 CW f
(-s)1080 2448 w
10 R f
(Subtract)1440 2448 w
10 I f
(label)1798 2448 w
10 R f
(from the current \256le label \()5 1078 1 2023 2448 t
10 I f
(new)3109 2448 w
10 R f
(=)3278 2448 w
10 I f
(old)3342 2448 w
10 R f
(&\304)3478 2448 w
10 I f
(label)3597 2448 w
10 R f
(\).)3797 2448 w
10 CW f
(-p)1080 2616 w
10 R f
(Set privileges \(capabilities and licenses\) only.)5 1831 1 1440 2616 t
10 CW f
(-v)1080 2784 w
10 R f
(Print a blow-by-blow account on standard error \256le.)7 2074 1 1440 2784 t
( or more licenses \(see)4 960( One)1 240( writing.)1 363(The process must be able to open the \256le, either for reading or)12 2757 4 1080 2952 t
10 I f
(getplab)1080 3072 w
10 R f
(\(2\)\) are needed in some instances:)5 1360 1 1388 3072 t
10 CW f
(T_EXTERN)1080 3240 w
10 R f
(to downgrade \(new label does not dominate old\))7 1933 1 1740 3240 t
10 CW f
(T_SETPRIV)1080 3408 w
10 R f
(if either the old or the new label has nonzero privilege bits)11 2332 1 1740 3408 t
10 CW f
(T_NOCHK)1080 3576 w
10 R f
(if the old label has \257ag)5 913 1 1740 3576 t
10 CW f
(L_NO)2678 3576 w
10 R f
(\(also need)1 407 1 2943 3576 t
10 CW f
(T_EXTERN)3375 3576 w
10 R f
(to change away from)3 839 1 3880 3576 t
10 CW f
(L_NO)4744 3576 w
10 R f
(\).)4984 3576 w
10 I f
(Downgrade)1080 3744 w
10 R f
(uses)1577 3744 w
10 I f
(setlab)1774 3744 w
10 R f
(to clear the label bits designated by)6 1409 1 2038 3744 t
10 I f
(delta)3472 3744 w
10 R f
( is a conventional request de\256ned in the)7 1584(. It)1 136 2 3680 3744 t
(privilege \256le,)1 534 1 1080 3864 t
10 I f
(privs)1640 3864 w
10 R f
( that the user has authority over the speci\256ed label bits and supplies the)13 2844(\(5\), which checks)2 708 2 1848 3864 t
(necessary privilege to)2 870 1 1080 3984 t
10 I f
(setlab.)1975 3984 w
(Setpriv)1080 4152 w
10 R f
(is a conventional interface to)4 1153 1 1388 4152 t
10 I f
(setlab)2566 4152 w
10 R f
(for changing \256le capabilities and licenses.)5 1675 1 2830 4152 t
9 R f
( S)1 2( LE ES)2 109( PL)1 57( MP)1 52( XA AM)2 149(E EX)1 122 6 720 4320 t
10 CW f
(setlab ffff... file)2 1140 1 1080 4440 t
10 R f
(Give the \256le a top label.)5 960 1 1440 4560 t
10 CW f
(setlab -a F file)3 960 1 1080 4728 t
10 R f
(Freeze a \256le label to keep writes from raising the lattice value.)11 2489 1 1440 4848 t
10 CW f
(lmask x setlab -s 03 file)5 1500 1 1080 5016 t
10 R f
( privileged)1 444(Downgrade a security label using a)5 1470 2 1440 5136 t
10 I f
(nosh)3393 5136 w
10 R f
( The)1 219(\(8\) session.)1 469 2 3590 5136 t
10 I f
(downgrade)4317 5136 w
10 R f
(priv request is)2 594 1 4806 5136 t
(preferred.)1440 5256 w
10 CW f
(priv downgrade 03 file)3 1320 1 1080 5424 t
10 R f
(Same, using obtaining the necessary authorization and privilege from)8 2771 1 1440 5544 t
10 I f
(priv)4236 5544 w
10 R f
(\(1\).)4405 5544 w
10 CW f
(priv setpriv - n file)4 1260 1 1080 5712 t
10 R f
( immutable)1 457( is a conventional trick to make the \256le)8 1578( This)1 231(Give the \256le a license, but no capabilities.)7 1694 4 1440 5832 t
( lattice value of the label is bottom \(all zero\).)9 1797( The)1 205(until its privileges are turned off again.)6 1556 3 1440 5952 t
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 6120 t
10 R f
( a matter of policy,)4 761( As)1 162(`Locking \256le for vetting'.)3 1024 3 1080 6240 t
10 I f
(setlab)3054 6240 w
10 R f
(refuses to assign arbitrary privileges to a previously)7 2080 1 3320 6240 t
( \256le may then)3 547( The)1 205( the \256le immutable as in the last example.)8 1663( it marks)2 352( Instead)1 339(unprivileged \(`untrusted'\) \256le.)2 1214 6 1080 6360 t
( leisure to assess whether its contents are indeed trustable before privileges are \256nally)13 3678(be examined at)2 642 2 1080 6480 t
(assigned.)1080 6600 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 6768 t
10 I f
(get\257ab)1080 6888 w
10 R f
(\(2\),)1360 6888 w
10 I f
(getlab)1526 6888 w
10 R f
(\(1\),)1784 6888 w
10 I f
(priv)1950 6888 w
10 R f
(\(1\))2119 6888 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 7056 t
10 R f
(The strings)1 462 1 1080 7176 t
10 CW f
(-a)1582 7176 w
10 R f
(and)1742 7176 w
10 CW f
(-p)1926 7176 w
10 R f
( will always be understood as)5 1259( They)1 271( legitimate, if unusual, labels.)4 1244(happen to be)2 540 4 2086 7176 t
(option \257ags.)1 495 1 1080 7296 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 2027(Page 9)1 269 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 9 9
%%Page: 10 10
/saveobj save def
mark
10 pagesetup
10 R f
( \( 1 \))3 140( STAT)1 4150(STAT \( 1 \))3 390 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(stat \261 \256le statistics and labels)5 1164 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(stat)1080 1368 w
10 I f
(\256le ...)1 222 1 1345 1368 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 I f
(Stat)1080 1656 w
10 R f
(places facts about the named)4 1147 1 1261 1656 t
10 I f
(\256les)2433 1656 w
10 R f
( output lines show)3 731( Successive)1 488(on the standard output.)3 916 3 2619 1656 t
(The file name.)2 579 1 1440 1824 t
( owner, group, and size displayed like output from)8 2142(Inode number, mode, link count,)4 1367 2 1440 1992 t
10 I f
(ls)4990 1992 w
10 R f
(\(1\) with)1 335 1 5065 1992 t
(options)1440 2112 w
10 CW f
(lidL)1762 2112 w
10 R f
( device numbers separated)3 1058( device files, the size is replaced by major and minor)10 2124(. For)1 216 3 2002 2112 t
(by a comma.)2 513 1 1440 2232 t
(The major and minor device numbers of this inode's file system and the file mode in octal.)16 3626 1 1440 2400 t
(Modification, access, and change times, each on a separate line.)9 2546 1 1440 2568 t
(The security label \(of the destination, if a symbolic link\) is given in the style of)15 3164 1 1440 2736 t
10 I f
(labtoa)4629 2736 w
10 R f
(\(3\).)4893 2736 w
( similar information for)3 956(If the file can be opened and corresponding data differ for the opened file,)13 3004 2 1440 2904 t
(the opened file follows.)3 943 1 1440 3024 t
(If the file is a symbolic link, the link destination is given, marked by)13 2735 1 1440 3192 t
10 CW f
(->)4200 3192 w
10 R f
(.)4320 3192 w
10 I f
(Stat)1080 3360 w
10 R f
(has nocheck capability; a superuser with nocheck license can use it to examine any file.)14 3495 1 1261 3360 t
9 R f
( S)1 2( LE ES)2 109( PL)1 57( MP)1 52( XA AM)2 149(E EX)1 122 6 720 3528 t
10 CW f
(/dev/tty:)1080 3648 w
(0 crwxrwxrwx 0 root 0 0,0)5 1500 1 1440 3768 t
(255,255 020777)1 840 1 1440 3888 t
(Jun 22 22:52:30 1988)3 1200 1 1440 4008 t
(Jun 22 22:52:30 1988)3 1200 1 1440 4128 t
(Jun 22 22:52:30 1988)3 1200 1 1440 4248 t
(------ ------CY 0000 0000 ...)4 1740 1 1440 4368 t
( 0 reeds other 0)4 960(974 rw-rw-r--)1 840 2 1440 4488 t
(255,255 0100664)1 900 1 1440 4608 t
( 0000 ...)2 540( 0000)1 360(------ ------R)1 840 3 1440 4728 t
(/usr/spool/man:)1080 4848 w
(9926 lrwxrwxrwx 1 doug bin 23)5 1740 1 1440 4968 t
(7,66 0120777)1 720 1 1440 5088 t
(Oct 17 21:21:21 1987)3 1200 1 1440 5208 t
(Jun 22 22:52:14 1988)3 1200 1 1440 5328 t
(Oct 17 21:21:21 1987)3 1200 1 1440 5448 t
( 0000 ...)2 540( 0000)1 360(------ ------C)1 840 3 1440 5568 t
(-> /n/bowell/usr/spool/man)1 1560 1 1440 5688 t
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 5856 t
10 R f
(Diagnostics appear on the standard output.)5 1703 1 1080 5976 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 6144 t
10 I f
(stat)1080 6264 w
10 R f
(\(2\),)1233 6264 w
10 I f
(ls)1399 6264 w
10 R f
(\(1\),)1474 6264 w
10 I f
(getlab)1640 6264 w
10 R f
(\(1\))1898 6264 w
( 10)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 10 10
%%Page: 11 11
/saveobj save def
mark
11 pagesetup
10 R f
( \( 2 \))3 140( CHANGES)1 3928(CHANGES \( 2 \))3 612 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(intro, fmount, getuid, signal, stat, wait \261 changes to manual)9 2371 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/label.h>)1 1320 1 1080 1368 t
(int fmount5\(type, fildes, name, flag, ceiling\))5 2760 1 1080 1536 t
(char *name;)1 660 1 1080 1656 t
(struct label *ceiling;)2 1320 1 1080 1776 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1944 t
10 R f
(This section covers small changes in the named manual pages for IX relative to v10.)14 3369 1 1080 2064 t
( o)1 2( ro)1 52( tr)1 35( nt)1 30(i in)1 80 5 870 2232 t
(New error returns:)2 736 1 1080 2352 t
(38)1080 2520 w
10 CW f
(ELAB)1230 2520 w
10 R f
(Security label violation)2 933 1 1520 2520 t
(An action which would, if completed, break security rules; see)9 2498 1 1440 2640 t
10 I f
(getplab)3963 2640 w
10 R f
(\(2\).)4271 2640 w
(39)1080 2808 w
10 CW f
(ENOSYS)1230 2808 w
10 R f
(No such system call)3 802 1 1640 2808 t
(An attempt to execute a nonexistent or unsupported system call.)9 2558 1 1440 2928 t
(40)1080 3096 w
10 CW f
(ENLAB)1230 3096 w
10 R f
(Out of security labels)3 857 1 1580 3096 t
(A system table for security labels is full: a trouble similar to)11 2401 1 1440 3216 t
10 CW f
(ENFILE)3866 3216 w
10 R f
(.)4226 3216 w
(41)1080 3384 w
10 CW f
(EPRIV)1230 3384 w
10 R f
(Insufficient privilege)1 840 1 1580 3384 t
( of a)2 201(An attempt was made to execute a priviledged system call, or exercise a privileged feature)14 3759 2 1440 3504 t
(regular system call.)2 779 1 1440 3624 t
( t)1 2( ou un nt)3 134( mo)1 52(f fm)1 113 4 870 3792 t
10 I f
(Fmount5)1080 3912 w
10 R f
(mounts a file system as does)5 1161 1 1470 3912 t
10 I f
(fmount)2660 3912 w
10 R f
( 0\) or network \(type 4\) file systems,)7 1466(\(2\) and, on regular \(type)4 988 2 2946 3912 t
(imposes a specified)2 798 1 1080 4032 t
10 I f
(ceiling)1911 4032 w
10 R f
( label of the file is)5 759( file in the file system can be accessed unless the)10 2026(label. No)1 399 3 2216 4032 t
( in determining capabilities during)4 1397( Moreover,)1 473(dominated by the file system ceiling.)5 1497 3 1080 4152 t
10 I f
(exec)4477 4152 w
10 R f
(\(2\), capability and)2 739 1 4661 4152 t
( default ceiling)2 603( The)1 207( masked by corresponding bits in the file system ceiling.)9 2272(license bits in the file label are)6 1238 4 1080 4272 t
(is)1080 4392 w
10 CW f
(L_YES)1172 4392 w
10 R f
(on regular and)2 576 1 1497 4392 t
10 CW f
(L_NO)2098 4392 w
10 R f
( capabilities and licenses are all zero.)6 1482( Default)1 349(on network file systems.)3 977 3 2363 4392 t
( d)1 2( id)1 52( ui)1 30( tu)1 52( et)1 30(g ge)1 96 6 870 4560 t
(Whenever one of the system calls)5 1394 1 1080 4680 t
10 I f
(setuid)2510 4680 w
10 R f
(,)2757 4680 w
10 I f
(setgid)2818 4680 w
10 R f
(,)3065 4680 w
10 I f
(setruid)3126 4680 w
10 R f
(, or)1 144 1 3412 4680 t
10 I f
(setlogname)3592 4680 w
10 R f
(requires superuser status, it also)4 1317 1 4083 4680 t
(requires capability)1 740 1 1080 4800 t
10 CW f
(T_UAREA)1845 4800 w
10 R f
(.)2265 4800 w
10 I f
(Setpgrp)1080 4968 w
10 R f
(can set the process group only to the current process id unless the process has capability)15 3513 1 1416 4968 t
10 CW f
(T_UAREA)4954 4968 w
10 R f
(.)5374 4968 w
( l)1 2( al)1 30( gn na)2 98( ig)1 52(s si)1 69 5 870 5136 t
(Security label violations by)3 1103 1 1080 5256 t
10 I f
(write)2210 5256 w
10 R f
(\(2\) result in)2 470 1 2424 5256 t
10 CW f
(SIGPIPE)2921 5256 w
10 R f
( result in)2 356( security label violations)3 986(. Other)1 304 3 3341 5256 t
10 CW f
(SIGLAB)5015 5256 w
10 R f
(,)5375 5256 w
(which is ignored if not caught.)5 1221 1 1080 5376 t
( t)1 2( at)1 30( ta)1 46(s st)1 69 4 870 5544 t
( are indicated in)3 640( These)1 288(New modes.)1 499 3 1080 5664 t
10 I f
(ls)2532 5664 w
10 R f
(\(1\) by)1 241 1 2607 5664 t
10 CW f
(a)2873 5664 w
10 R f
(and)2958 5664 w
10 CW f
(b)3127 5664 w
10 R f
(appended to the usual mode field.)5 1348 1 3212 5664 t
10 CW f
(S_IAPPEND)1080 5832 w
10 R f
(Append-only \256le.)1 705 1 1440 5952 t
10 CW f
(S_IBLIND)1080 6120 w
10 R f
( blind directory cannot be read and is immune to security label checks on)13 3167( A)1 141(Blind directory.)1 652 3 1440 6240 t
(search; \256les can be removed from it only by their owners.)10 2304 1 1440 6360 t
( it t)2 32( ai)1 30(w wa)1 118 3 870 6528 t
( of the exiting process, then nonzero ter-)7 1655(If the security label of the waiting process does not dominate that)11 2665 2 1080 6648 t
(mination status or exit code is reported simply as)8 1960 1 1080 6768 t
10 CW f
(SIGTERM)3065 6768 w
10 R f
(.)3485 6768 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 11)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 11 11
%%Page: 12 12
/saveobj save def
mark
12 pagesetup
10 R f
( \( 2 \))3 140( EXEC)1 4139(EXEC \( 2 \))3 401 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(execl, execv, execle, execve, execlp, execvp, exect, environ)7 2379 1 1080 1080 t
10 S f
(-)3484 1080 w
10 R f
(execute a \256le)2 526 1 3564 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(int execl\(name, arg0, arg1, ..., argn, \(char *\)0\))7 2940 1 1080 1368 t
(char *name, *arg0, *arg1, ..., *argn;)5 2220 1 1080 1488 t
(int execv\(name, argv\))2 1260 1 1080 1656 t
(char *name, *argv[];)2 1200 1 1080 1776 t
(int execle\(name, arg0, arg1, ..., argn, \(char *\)0, envp\))8 3360 1 1080 1944 t
(char *name, *arg0, *arg1, ..., *argn, *envp[];)6 2760 1 1080 2064 t
(int execve\(name, argv, envp\))3 1680 1 1080 2232 t
(char *name, *argv[], *envp[];)3 1740 1 1080 2352 t
(int execlp\(name, arg0, arg1, ..., argn, \(char *\)0\))7 3000 1 1080 2520 t
(char *name, *arg0, *arg1, ..., *argn;)5 2220 1 1080 2640 t
(int execvp\(name, argv\))2 1320 1 1080 2808 t
(char *name, *argv[];)2 1200 1 1080 2928 t
(int exect\(name, argv, envp\))3 1620 1 1080 3096 t
(char *name, *argv[], *envp[];)3 1740 1 1080 3216 t
(extern char **environ;)2 1320 1 1080 3384 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 3552 t
10 I f
(Exec)1080 3672 w
10 R f
(in all its forms overlays the calling process with the named \256le, then transfers to the entry point of the)19 4100 1 1300 3672 t
( can be no return from a successful)7 1393( There)1 282(image of the \256le.)3 677 3 1080 3792 t
10 I f
(exec)3457 3792 w
10 R f
(; the calling image is lost.)5 1028 1 3641 3792 t
(Files remain open across)3 1029 1 1080 3960 t
10 I f
(exec)2147 3960 w
10 R f
(unless explicit arrangement has been made; see)6 1968 1 2361 3960 t
10 I f
(ioctl)4367 3960 w
10 R f
( are)1 160( that)1 188(\(2\). Signals)1 499 3 4553 3960 t
(caught \(see)1 451 1 1080 4080 t
10 I f
(signal)1556 4080 w
10 R f
( signals' behavior is unchanged.)4 1284( Other)1 277(\(2\)\) are reset to their default values.)6 1426 3 1809 4080 t
(Each user has a)3 659 1 1080 4248 t
10 I f
(real)1778 4248 w
10 R f
( groupid and an)3 669(userid and)1 427 2 1978 4248 t
10 I f
(effective)3114 4248 w
10 R f
( real userid \(groupid\))3 890( The)1 220(userid and groupid.)2 804 3 3486 4248 t
( effective userid \(groupid\) determines access privileges.)6 2308(identi\256es the person using the system; the)6 1756 2 1080 4368 t
10 I f
(Exec)5207 4368 w
10 R f
( of the executed \256le if the \256le has the set-userid or)11 2109(changes the effective userid and groupid to the owner)8 2211 2 1080 4488 t
( real userid is not affected.)5 1058( The)1 205(set-groupid modes.)1 766 3 1080 4608 t
(The security label \(see)3 903 1 1080 4776 t
10 I f
(get\257ab)2009 4776 w
10 R f
( any arguments or environment param-)5 1565( If)1 118(\(2\)\) of the process is set as follows.)7 1428 3 2289 4776 t
( the process)2 479(eters are present, or if and \256le descriptor numbers greater than 3 are in use, the lattice value of)18 3841 2 1080 4896 t
( value is ORed with the lattice value of the exe-)10 2002( This)1 238( to them, otherwise lattice bottom.)5 1419(label is ascribed)2 661 4 1080 5016 t
( the new lattice value does not dominate the)8 1841( If)1 127(cuted \256le to obtain the new lattice value for the process.)10 2352 3 1080 5136 t
( permission mask \(see)3 885(old, the)1 366 2 1080 5256 t
10 I f
(umask)2356 5256 w
10 R f
(\(2\)\) is set to 022.)4 680 1 2619 5256 t
( the simplest case, the process obtains from the \256le the capabilities for which the)14 3229( In)1 134(Process licenses persist.)2 957 3 1080 5424 t
(process has licenses; see)3 981 1 1080 5544 t
10 I f
(getplab)2087 5544 w
10 R f
( Nominal capabil-)2 721( detailed computation for process capabilities is:)6 1937(\(2\). The)1 347 3 2395 5544 t
( \(see)1 201(ities are determined by ANDing the \256le capabilities with the capabilities in the \256le system ceiling)15 4119 2 1080 5664 t
10 I f
(mount)1080 5784 w
10 R f
( ANDing the \256le)3 714( licenses are determined by)4 1150( Nominal)1 416(\(2\)\) and then ORing with built-in minima.)6 1782 4 1338 5784 t
( capabilities are set by)4 891( Process)1 355(licenses with the licenses in the \256le system ceiling and with built-in maxima.)12 3074 3 1080 5904 t
(ORing the process licenses with the nominal licenses, then ANDing with the nominal capabilities.)13 3922 1 1080 6024 t
( builtin maximum \256le licenses for)5 1408( The)1 216(The builtin minimum \256le capabilities are all 0.)7 1938 3 1080 6192 t
10 CW f
(T_SETPRIV)4679 6192 w
10 R f
(and)5256 6192 w
10 CW f
(T_LOG)1080 6312 w
10 R f
(are 0; the rest are 1.)5 786 1 1405 6312 t
(The)1080 6480 w
10 I f
(name)1263 6480 w
10 R f
( the \256rst two bytes of that \256le are)8 1353( If)1 120(argument is a pointer to the name of the \256le to be executed.)12 2419 3 1508 6480 t
(the ASCII characters)2 846 1 1080 6600 t
10 CW f
(#!)1956 6600 w
10 R f
( line of the \256le is taken to be ASCII and determines the name of the)15 2759(, then the \256rst)3 565 2 2076 6600 t
( \256rst nonblank string following)4 1249( The)1 206(program to execute.)2 797 3 1080 6720 t
10 CW f
(#!)3358 6720 w
10 R f
(in that line is substituted for)5 1125 1 3504 6720 t
10 I f
(name.)4656 6720 w
10 R f
(Any second)1 476 1 4924 6720 t
( by blanks or tabs, is inserted between the \256rst two arguments \(arguments 0)13 3091(string, separated from the \256rst)4 1229 2 1080 6840 t
(and 1\) passed to the invoked \256le.)6 1318 1 1080 6960 t
(The argument pointers)2 916 1 1080 7128 t
10 I f
(arg0, arg1, ...)2 565 1 2027 7128 t
10 R f
(or the pointers in)3 701 1 2624 7128 t
10 I f
(argv)3357 7128 w
10 R f
( Convention-)1 557(address null-terminated strings.)2 1271 2 3572 7128 t
(ally argument 0 is the name of the \256le.)8 1540 1 1080 7248 t
( 12)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 12 12
%%Page: 13 13
/saveobj save def
mark
13 pagesetup
10 R f
( \( 2 \))3 140( EXEC)1 4139(EXEC \( 2 \))3 401 3 720 480 t
10 I f
(Execl)1080 960 w
10 R f
( known \256le with known arguments is being called; the arguments to)11 2833(is useful when a)3 676 2 1336 960 t
10 I f
(execl)4881 960 w
10 R f
(are the)1 279 1 5121 960 t
(character strings constituting the \256le and the arguments.)7 2236 1 1080 1080 t
10 I f
(Execv)1080 1248 w
10 R f
( number of arguments is unknown in advance; the arguments to)10 2551(is useful when the)3 724 2 1342 1248 t
10 I f
(execv)4643 1248 w
10 R f
(are the name)2 511 1 4889 1248 t
( last argument string must be)5 1158( The)1 205( \256le to be executed and a vector of strings containing the arguments.)12 2726(of the)1 231 4 1080 1368 t
(followed by a 0 pointer.)4 957 1 1080 1488 t
(When a C program is executed, it is called as follows:)10 2155 1 1080 1656 t
10 CW f
(main\(argc, argv, envp\))2 1320 1 1440 1824 t
(int argc;)1 540 1 1440 1944 t
(char **argv, **envp;)2 1200 1 1440 2064 t
10 R f
(where)1080 2232 w
10 I f
(argc)1355 2232 w
10 R f
(is the argument count and)4 1064 1 1571 2232 t
10 I f
(argv)2668 2232 w
10 R f
(is an array of character pointers to the arguments themselves.)9 2516 1 2884 2232 t
(Conventionally)1080 2352 w
10 I f
(argc)1722 2352 w
10 R f
(is at least 1 and)4 616 1 1930 2352 t
10 CW f
(argv[0])2571 2352 w
10 R f
(points to the name of the file.)6 1174 1 3016 2352 t
10 I f
(Argv)1080 2520 w
10 R f
(is directly usable in another)4 1104 1 1299 2520 t
10 I f
(execv)2428 2520 w
10 R f
(because)2673 2520 w
10 CW f
(argv[argc]==0)3013 2520 w
10 R f
(.)3793 2520 w
10 I f
(Envp)1080 2688 w
10 R f
( strings that constitute the)4 1048(is a pointer to an array of)6 1027 2 1314 2688 t
10 I f
(environment)3419 2688 w
10 R f
( string conven-)2 609( Each)1 254(of the process.)2 589 3 3948 2688 t
(tionally consists of a name, an)5 1225 1 1080 2808 t
10 CW f
(=)2333 2808 w
10 R f
( a null-terminated value; or a name, a pair of parentheses)10 2289(, and)1 197 2 2393 2808 t
10 CW f
(\(\),)4906 2808 w
10 R f
(a value)1 287 1 5113 2808 t
(bracketed by)1 514 1 1080 2928 t
10 CW f
({)1621 2928 w
10 R f
(and)1708 2928 w
10 CW f
(})1879 2928 w
10 R f
( shell)1 217( The)1 208( array of pointers is terminated by a null pointer.)9 1963( The)1 207(, and a null character.)4 866 5 1939 2928 t
10 I f
(sh)1080 3048 w
10 R f
( See)1 201( for each global shell variable defined when the program is called.)11 2715(\(1\) passes an environment entry)4 1307 3 1177 3048 t
10 I f
(environ)1080 3168 w
10 R f
(\(5\) for some conventionally used names.)5 1625 1 1393 3168 t
(The C run-time start-off routine places a copy of)8 1940 1 1080 3336 t
10 I f
(envp)3045 3336 w
10 R f
(in the global cell)3 672 1 3258 3336 t
10 I f
(environ,)3956 3336 w
10 R f
(which is used by)3 672 1 4312 3336 t
10 I f
(execv)5010 3336 w
10 R f
(and)5256 3336 w
10 I f
(execl)1080 3456 w
10 R f
( The)1 209( any subprograms executed by the current program.)7 2084(to pass the environment to)4 1075 3 1314 3456 t
10 I f
(exec)4711 3456 w
10 R f
(routines use)1 484 1 4916 3456 t
(lower-level routines as follows to pass an environment explicitly:)8 2614 1 1080 3576 t
10 CW f
(execve\(file, argv, environ\);)2 1680 1 1440 3744 t
(execle\(file, arg0, arg1, . . . , argn, \(char *\)0, environ\);)10 3540 1 1440 3864 t
10 I f
(Execlp)1080 4032 w
10 R f
(and)1381 4032 w
10 I f
(execvp)1555 4032 w
10 R f
( as)1 114(are called with the same arguments)5 1430 2 1855 4032 t
10 I f
(execl)3430 4032 w
10 R f
(and)3665 4032 w
10 I f
(execv,)3840 4032 w
10 R f
(but duplicate the shell's actions)4 1284 1 4116 4032 t
(in searching for an executable file in a list of directories given in the)13 2725 1 1080 4152 t
10 CW f
(PATH)3830 4152 w
10 R f
(environment variable.)1 876 1 4095 4152 t
10 I f
(Exect)1080 4320 w
10 R f
(is the same as)3 576 1 1334 4320 t
10 I f
(execve,)1943 4320 w
10 R f
( on the first instruction of the new core)8 1625(except it arranges for a stop to occur)7 1510 2 2265 4320 t
(image for the benefit of tracers, see)6 1409 1 1080 4440 t
10 I f
(proc)2514 4440 w
10 R f
(\(4\).)2705 4440 w
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 4608 t
10 CW f
(/bin/sh)1080 4728 w
10 R f
(shell, invoked if command \256le found by)6 1602 1 1620 4728 t
10 I f
(execlp)3247 4728 w
10 R f
(or)3526 4728 w
10 I f
(execvp)3634 4728 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 4896 t
10 I f
(fork)1080 5016 w
10 R f
(\(2\),)1249 5016 w
10 I f
(environ)1415 5016 w
10 R f
(\(5\))1728 5016 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 5184 t
10 CW f
(E2BIG)1080 5304 w
10 R f
(,)1380 5304 w
10 CW f
(EACCES)1449 5304 w
10 R f
(,)1809 5304 w
10 CW f
(EFAULT)1878 5304 w
10 R f
(,)2238 5304 w
10 CW f
(EIO)2307 5304 w
10 R f
(,)2487 5304 w
10 CW f
(ELAB)2556 5304 w
10 R f
(,)2796 5304 w
10 CW f
(ELOOP)2865 5304 w
10 R f
(,)3165 5304 w
10 CW f
(ENOENT)3235 5304 w
10 R f
(,)3595 5304 w
10 CW f
(ENOEXEC)3665 5304 w
10 R f
(,)4085 5304 w
10 CW f
(ENOMEM)4155 5304 w
10 R f
(,)4515 5304 w
10 CW f
(ENOTDIR)4585 5304 w
10 R f
(,)5005 5304 w
10 CW f
(ENXIO)5075 5304 w
10 R f
(,)5375 5304 w
10 CW f
(EROFS)1080 5424 w
10 R f
(,)1380 5424 w
10 CW f
(ETXTBSY)1430 5424 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 5592 t
10 R f
(If)1080 5712 w
10 I f
(execvp)1175 5712 w
10 R f
( \256le that turns out to be a shell command \256le, and if it is impossible to exe-)17 3079(is called to execute a)4 847 2 1474 5712 t
(cute the shell, some of the values in)7 1426 1 1080 5832 t
10 I f
(argv)2531 5832 w
10 R f
(may be modi\256ed before return.)4 1239 1 2739 5832 t
(The path search of)3 739 1 1080 5952 t
10 I f
(execlp)1844 5952 w
10 R f
(and)2123 5952 w
10 I f
(execvp)2292 5952 w
10 R f
(does not extend to names substituted by)6 1594 1 2587 5952 t
10 CW f
(#!)4206 5952 w
10 R f
(.)4326 5952 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 13)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 13 13
%%Page: 14 14
/saveobj save def
mark
14 pagesetup
10 R f
( \( 2 \))3 140( GETFLAB)1 3950(GETFLAB \( 2 \))3 590 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(get\257ab, fget\257ab, set\257ab, fset\257ab \261 get or set \256le security label and privilege)12 3010 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/label.h>)1 1320 1 1080 1368 t
(getflab\(name, labp\))1 1140 1 1080 1536 t
(char *name;)1 660 1 1080 1656 t
(struct label *labp;)2 1140 1 1080 1776 t
(fgetflab\(fildes, labp\))1 1320 1 1080 1944 t
(struct label *labp;)2 1140 1 1080 2064 t
(setflab\(name, labp\))1 1140 1 1080 2232 t
(char *name;)1 660 1 1080 2352 t
(struct label *labp;)2 1140 1 1080 2472 t
(fsetflab\(fildes, labp\))1 1320 1 1080 2640 t
(struct label *labp;)2 1140 1 1080 2760 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2928 t
10 I f
(Get\257ab)1080 3048 w
10 R f
( \256le into the structure pointed to by)7 1506(copies the security label from the the named)7 1857 2 1412 3048 t
10 I f
(labp)4814 3048 w
10 R f
(.)5000 3048 w
10 I f
(Fgetlab)5089 3048 w
10 R f
( \256eld)1 203( The)1 205(copies the security label from an open \256le speci\256ed by \256le descriptor.)11 2779 3 1080 3168 t
10 CW f
(lb_junk)4292 3168 w
10 R f
(is always zero.)2 590 1 4737 3168 t
(The structure of a security label as de\256ned in)8 1796 1 1080 3336 t
10 CW f
(<sys/label.h>)2901 3336 w
10 R f
(is)3706 3336 w
10 CW f
( 60)1 660(#define LABSIZ)1 840 2 1080 3504 t
( {)1 120(struct labpriv)1 900 2 1080 3624 t
( : 16,/* poison level, see syslog\(2\) */)7 2340( lp_junk)1 600(unsigned int)1 720 3 1560 3744 t
(lp_flag : 2,)2 720 1 2460 3864 t
(lp_fix : 2,/* fixity */)4 1380 1 2460 3984 t
(lp_t : 6,/* capabilities */)4 1620 1 2460 4104 t
(lp_u : 6;/* licenses */)4 1380 1 2460 4224 t
(};)1080 4344 w
( {)1 120(struct label)1 780 2 1080 4464 t
(struct labpriv lb_priv;)2 1380 1 1560 4584 t
( lb_bits[LABSIZ];)1 1080(unsigned char)1 780 2 1560 4704 t
( lb_junk lb_priv.lp_junk)2 1440(# define)1 840 2 1080 4824 t
( lb_flag lb_priv.lp_flag)2 1440(# define)1 840 2 1080 4944 t
( lb_priv.lp_t)1 960( lb_t)1 300(# define)1 840 3 1080 5064 t
( lb_priv.lp_u)1 960( lb_u)1 300(# define)1 840 3 1080 5184 t
( lb_priv.lp_fix)1 960( lb_fix)1 420(# define)1 840 3 1080 5304 t
(};)1080 5424 w
(/* codes in lb_flag */)4 1320 1 2460 5544 t
( 1)1 660(#define L_YES)1 780 2 1080 5664 t
( 2)1 720(#define L_NO)1 720 2 1080 5784 t
( 3)1 600(#define L_BITS)1 840 2 1080 5904 t
(/* codes in lb_fix */)4 1260 1 2460 6024 t
( 0)1 540(#define F_LOOSE)1 900 2 1080 6144 t
( 1)1 480(#define F_FROZEN)1 960 2 1080 6264 t
( 2)1 540(#define F_RIGID)1 900 2 1080 6384 t
( 3)1 540(#define F_CONST)1 900 2 1080 6504 t
(/* bits of lb_t and lb_u */)6 1620 1 2460 6624 t
( may set file privilege */)5 1560( 001 /*)2 1020(#define T_SETPRIV)1 1020 3 1080 6744 t
( may change process license */)5 1800( /*)1 480( 002)1 600(#define T_SETLIC)1 960 4 1080 6864 t
( exempt from label checking */)5 1800( /*)1 480( 004)1 660(#define T_NOCHK)1 900 4 1080 6984 t
( may introduce foreign data */)5 1800( /*)1 480( 010)1 600(#define T_EXTERN)1 960 4 1080 7104 t
( may write in u area */)6 1380( /*)1 480( 020)1 660(#define T_UAREA)1 900 4 1080 7224 t
10 R f
( 14)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 14 14
%%Page: 15 15
/saveobj save def
mark
15 pagesetup
10 R f
( \( 2 \))3 140( GETFLAB)1 3950(GETFLAB \( 2 \))3 590 3 720 480 t
10 CW f
( may execure syslog\(\) call */)5 1740( /*)1 480( 040)1 780(#define T_LOG)1 780 4 1080 960 t
10 R f
(Three types of labels are distinguished by the)7 1811 1 1080 1128 t
10 CW f
(lb_flag)2916 1128 w
10 R f
(\256eld:)3361 1128 w
10 CW f
(L_YES)1080 1344 w
10 R f
( inode data \(see)3 644( Its)1 157( label.)1 251(The \256le can be read or modi\256ed without regard to)9 2042 4 1560 1344 t
10 I f
(stat)4686 1344 w
10 R f
(\(2\)\) have per-)2 561 1 4839 1344 t
(manent conventional values.)2 1140 1 1560 1464 t
10 I f
(Null)2750 1464 w
10 R f
(\(4\),)2931 1464 w
10 I f
(log)3097 1464 w
10 R f
(\(4\), and)1 310 1 3233 1464 t
10 I f
(fd)3568 1464 w
10 R f
(\(4\) are labeled)2 575 1 3654 1464 t
10 CW f
(L_YES)4254 1464 w
10 R f
(.)4554 1464 w
10 CW f
(L_NO)1080 1632 w
10 R f
( and its inode cannot be read or written except by processes with capability)13 3335(The the \256le)2 505 2 1560 1632 t
10 CW f
(T_NOCHK)1560 1752 w
10 R f
(. A)1 161 1 1980 1752 t
10 CW f
(L_NO)2179 1752 w
10 R f
(label may be changed by processes with capability)7 2112 1 2457 1752 t
10 CW f
(T_EXTERN)4607 1752 w
10 R f
(, unless)1 313 1 5087 1752 t
(prevented by)1 518 1 1560 1872 t
10 CW f
(F_CONST)2103 1872 w
10 R f
(described below.)1 676 1 2548 1872 t
10 CW f
(L_BITS)1080 2040 w
10 R f
( value', given by)3 713(The label has a `lattice)4 955 2 1560 2040 t
10 CW f
(lb_bits)3267 2040 w
10 R f
(and so called because the values form a)7 1674 1 3726 2040 t
(mathematical lattice with bitwise AND as the meet operation and OR as the join.)13 3235 1 1560 2160 t
( destination of a)3 656( The)1 210( data may only \257ow `up' the lattice.)7 1461( Normally)1 438( \256le has a label.)4 644(Each process and each)3 911 6 1080 2328 t
( must have a lattice value that dominates \(bitwise\) the lattice value)11 2671(read, write, inode query, or inode change)6 1649 2 1080 2448 t
(of the source, unless the process concerned has capability)8 2297 1 1080 2568 t
10 CW f
(T_NOCHK)3402 2568 w
10 R f
(.)3822 2568 w
(To assure upward \257ow, a)4 1010 1 1080 2736 t
10 I f
(read)2116 2736 w
10 R f
(\(2\) or an inode query \(e.g.)5 1049 1 2307 2736 t
10 I f
(stat)3382 2736 w
10 R f
( \256le label to be OR-ed)5 895(\(2\)\) normally causes the)3 970 2 3535 2736 t
( a)1 74( Similarly)1 428(into the process label.)3 886 3 1080 2856 t
10 I f
(write)2497 2856 w
10 R f
(\(2\) or an inode change \(as by)6 1187 1 2711 2856 t
10 I f
(chmod)3927 2856 w
10 R f
(\(2\) or)1 228 1 4201 2856 t
10 I f
(link)4458 2856 w
10 R f
(\(2\)\) causes the pro-)3 784 1 4616 2856 t
( such side-effect changes in a \256le or process label may)10 2232( However)1 421( into the \256le label.)4 749(cess label to be OR-ed)4 918 4 1080 2976 t
( the process ceiling; see)4 992(happen only if the label is loose \(see below\) and the new label is dominated by)15 3328 2 1080 3096 t
10 I f
(getplab)1080 3216 w
10 R f
( the system call terminates with error)6 1481(\(2\). Otherwise)1 601 2 1388 3216 t
10 CW f
(ELAB)3495 3216 w
10 R f
(.)3735 3216 w
( of, and made prior to, the permission checks described in)10 2517(Security checks are independent)3 1348 2 1080 3384 t
10 I f
(access)4991 3384 w
10 R f
(\(2\).)5259 3384 w
(Super-user processes are subject to security checks.)6 2058 1 1080 3504 t
10 I f
(Set\257ab)1080 3672 w
10 R f
( \256le with the contents of the structure pointed to by)10 2143(replaces the security label of the named)6 1633 2 1386 3672 t
10 I f
(labp.)5197 3672 w
(Fset\257ab)1080 3792 w
10 R f
( the new label has \257ag)5 950( If)1 128(replaces the security label of an open \256le speci\256ed by \256le descriptor.)11 2882 3 1440 3792 t
10 CW f
(L_BITS)1080 3912 w
10 R f
( and be dominated by)4 864(, the new lattice value must dominate the old one, dominate the process label,)13 3096 2 1440 3912 t
( the new label has \257ag)5 900( If)1 118(the process ceiling.)2 772 3 1080 4032 t
10 CW f
(L_NO)2897 4032 w
10 R f
( dominated by the process ceiling.)5 1370(, the old label must be)5 893 2 3137 4032 t
(Flag)1080 4152 w
10 CW f
(L_YES)1283 4152 w
10 R f
( \256eld)1 203( The)1 205(is an error.)2 429 3 1608 4152 t
10 CW f
(lb_junk)2470 4152 w
10 R f
(is ignored.)1 422 1 2915 4152 t
(The \256eld)1 366 1 1080 4320 t
10 CW f
(lb_t)1479 4320 w
10 R f
(contains `capability' bits;)2 1032 1 1752 4320 t
10 CW f
(lb_u)2817 4320 w
10 R f
( `license' bits; their meanings are)5 1373(contains corresponding)1 937 2 3090 4320 t
(described in)1 493 1 1080 4440 t
10 I f
(getplab)1606 4440 w
10 R f
(\(2\) and)1 293 1 1914 4440 t
10 I f
(exec)2240 4440 w
10 R f
( \256le that has)3 507( Any)1 229( two \256elds together are known as `privileges'.)7 1886(\(2\). The)1 354 4 2424 4440 t
( and cannot be changed, in contents or in inode, except by processes)12 2830(nonzero privileges is called `trusted')4 1490 2 1080 4560 t
(with capability)1 597 1 1080 4680 t
10 CW f
(T_SETPRIV)1702 4680 w
10 R f
(.)2242 4680 w
( or less freedom according to its)6 1293(Aside from considerations of trustedness, a label can be changed with more)11 3027 2 1080 4848 t
(`\256xity',)1080 4968 w
10 CW f
(lb_fix)1408 4968 w
10 R f
(:)1768 4968 w
10 CW f
(F_LOOSE)1080 5184 w
10 R f
( as a side effect as)5 777(Any process can change the lattice value of a loose \256le label implicitly)12 2943 2 1680 5184 t
(described above or \(up to the process ceiling\) explicitly with)9 2574 1 1680 5304 t
10 I f
(set\257ab)4295 5304 w
10 R f
(or)4597 5304 w
10 I f
(fset\257ab.)4721 5304 w
10 R f
(The \256le)1 324 1 5076 5304 t
(owner or the super-user can change the \256xity.)7 1823 1 1680 5424 t
10 CW f
(F_FROZEN)1080 5592 w
10 R f
( \256xity can be changed by the \256le)7 1413( The)1 221( label cannot change.)3 890(The lattice value of a frozen)5 1196 4 1680 5592 t
(owner or the super-user.)3 969 1 1680 5712 t
10 CW f
(F_RIGID)1080 5880 w
10 R f
( with capability)2 648(Only processes)1 619 2 1680 5880 t
10 CW f
(T_EXTERN)2985 5880 w
10 R f
(can change a rigid label; see)5 1192 1 3503 5880 t
10 I f
(getplab)4733 5880 w
10 R f
(\(2\). The)1 359 1 5041 5880 t
( loose)1 242( A)1 128( rigid.)1 245(labels of external media, such as terminals, tapes or disks, are automatically)11 3105 4 1680 6000 t
(or frozen label on a stream \(see)6 1335 1 1680 6120 t
10 I f
(stream)3054 6120 w
10 R f
( facility allows)2 624( This)1 242(\(4\)\) can be changed to rigid.)5 1200 3 3334 6120 t
(\256lters, such as)2 589 1 1680 6240 t
10 I f
(mux)2304 6240 w
10 R f
( \256xity of a rigid)4 664( The)1 215(\(9.1\), to make pipes behave like external devices.)7 2043 3 2478 6240 t
(label cannot change.)2 817 1 1680 6360 t
10 CW f
(F_CONST)1080 6528 w
10 R f
( labels of certain special \256les, such as)7 1756( The)1 242(A constant label may not be changed.)6 1722 3 1680 6528 t
10 CW f
(/dev/null)1680 6648 w
10 R f
(and)2248 6648 w
10 CW f
(/dev/mem)2420 6648 w
10 R f
(, are automatically constant; no other labels may become con-)9 2500 1 2900 6648 t
(stant.)1680 6768 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 6936 t
10 I f
(getplab)1080 7056 w
10 R f
(\(2\),)1388 7056 w
10 I f
(getlab)1554 7056 w
10 R f
(\(1\),)1812 7056 w
10 I f
(labLE)1978 7056 w
10 R f
(\(3\),)2231 7056 w
10 I f
(setlab)2397 7056 w
10 R f
(\(8\),)2644 7056 w
10 I f
(unsafe)2810 7056 w
10 R f
(\(2\),)3079 7056 w
10 I f
(signal)3245 7056 w
10 R f
(\(2\))3498 7056 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 15)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 15 15
%%Page: 16 16
/saveobj save def
mark
16 pagesetup
10 R f
( \( 2 \))3 140( GETFLAB)1 3950(GETFLAB \( 2 \))3 590 3 720 480 t
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 960 t
10 CW f
(EFAULT, EIO, ELAB, ELOOP, ENOENT, ENOTDIR)5 2460 1 1080 1080 t
10 R f
( 16)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 16 16
%%Page: 17 17
/saveobj save def
mark
17 pagesetup
10 R f
( \( 2 \))3 140( GETPLAB)1 3950(GETPLAB \( 2 \))3 590 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(getplab, setplab \261 get or set process security label and privilege)10 2526 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/label.h>)1 1320 1 1080 1368 t
(getplab\(labp, ceilp\))1 1200 1 1080 1536 t
(struct label *labp, *ceilp;)3 1620 1 1080 1656 t
(setplab\(labp, ceilp\))1 1200 1 1080 1824 t
(struct label *labp, *ceilp;)3 1620 1 1080 1944 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2112 t
10 I f
(Getplab)1080 2232 w
10 R f
( called `the ceiling', of the current)6 1432(copies the security label and the ceiling label, usually simply)9 2530 2 1438 2232 t
(process into the structures pointed to by)6 1611 1 1080 2352 t
10 I f
(labp)2719 2352 w
10 R f
(and)2925 2352 w
10 I f
(ceilp.)3097 2352 w
10 R f
( structure)1 376( The)1 207( zero pointer.)2 533(No copy happens for a)4 915 4 3369 2352 t
(and meaning of labels are described in)6 1553 1 1080 2472 t
10 I f
(get\257ab)2661 2472 w
10 R f
( lid; the process can only access)6 1299( ceiling is a security)4 811(\(2\). The)1 349 3 2941 2472 t
(\256les with labels dominated by the ceiling.)6 1669 1 1080 2592 t
( capabilities are)2 636( The)1 210( special security `capabilities', in which case it is called `trusted'.)10 2656(A process may have)3 818 4 1080 2760 t
( from its parent process; see)5 1142(obtained from the \256le it is executing, usually as `licensed')9 2368 2 1080 2880 t
10 I f
(exec)4620 2880 w
10 R f
( capa-)1 245(\(2\). The)1 351 2 4804 2880 t
( licenses are given by bits in the \256elds)8 1601(bilities and corresponding)2 1056 2 1080 3000 t
10 I f
(labp)3772 3000 w
10 CW f
(->lb_t)3958 3000 w
10 R f
(and)4353 3000 w
10 I f
(labp)4532 3000 w
10 CW f
(->lb_u)4718 3000 w
10 R f
(respec-)5113 3000 w
( bits are de\256ned by the masks)6 1182(tively. The)1 458 2 1080 3120 t
10 CW f
(T_SETPRIV)1080 3336 w
10 R f
(The process can change the privileges of \256les; see)8 1995 1 1740 3336 t
10 I f
(get\257ab)3760 3336 w
10 R f
(\(2\).)4040 3336 w
10 CW f
(T_SETLIC)1080 3504 w
10 R f
(The process can increase its own licenses; see below.)8 2125 1 1740 3504 t
10 CW f
(T_EXTERN)1080 3672 w
10 R f
( sources into view by mounting \256le systems or setting)9 2315(The process can bring new data)5 1345 2 1740 3672 t
(labels of \(open\) special \256les; see)5 1300 1 1740 3792 t
10 I f
(get\257ab)3065 3792 w
10 R f
(\(2\).)3345 3792 w
10 CW f
(T_NOCHK)1080 3960 w
10 R f
( reading or writing \256les or)5 1051(Ordinary checks and changes of lattice values are not made when)10 2609 2 1740 3960 t
(inodes or when setting the process label.)6 1617 1 1740 4080 t
10 CW f
(T_UAREA)1080 4248 w
10 R f
( may be accessed by descendent processes)6 1719(The process can change certain information that)6 1941 2 1740 4248 t
(without label checks; see)3 1001 1 1740 4368 t
10 I f
(setuid)2766 4368 w
10 R f
(\(2\) and)1 285 1 3013 4368 t
10 I f
(stream)3323 4368 w
10 R f
(\(4\).)3603 4368 w
10 CW f
(T_LOG)1080 4536 w
10 R f
(The process can change logging status; see)6 1713 1 1740 4536 t
10 I f
(syslog)3478 4536 w
10 R f
(\(2\).)3736 4536 w
10 I f
(Setplab)1080 4704 w
10 R f
(copies the structures pointed to by)5 1458 1 1423 4704 t
10 I f
(labp)2924 4704 w
10 R f
(and)3145 4704 w
10 I f
(ceilp)3332 4704 w
10 R f
( ceiling label.)2 579(into the process label and the)5 1252 2 3569 4704 t
(Unless the process has capability)4 1352 1 1080 4824 t
10 CW f
(T_NOCHK)2465 4824 w
10 R f
( value of the process label must dominate the)8 1859(, the new lattice)3 656 2 2885 4824 t
(old and the old lattice value of the ceiling must dominate the new.)12 2639 1 1080 4944 t
(The new label \257ag must be)5 1079 1 1080 5112 t
10 CW f
(L_BITS)2184 5112 w
10 R f
( value of the new ceiling label must dominate the lattice)10 2246(, and the lattice)3 610 2 2544 5112 t
(value of the new process label.)5 1230 1 1080 5232 t
( may increase only if the process has capability)8 1885( Licenses)1 399(Capabilites may not increase.)3 1176 3 1080 5400 t
10 CW f
(T_SETLIC)4565 5400 w
10 R f
(.)5045 5400 w
(The \256xity,)1 422 1 1080 5568 t
10 CW f
(lb_fix)1532 5568 w
10 R f
( set only to)3 460(, of a process may be)5 867 2 1892 5568 t
10 CW f
(F_LOOSE)3250 5568 w
10 R f
(or)3701 5568 w
10 CW f
(F_FROZEN)3815 5568 w
10 R f
( the latter case the pro-)5 941(. In)1 164 2 4295 5568 t
(cess label can not change as a side effect of label checking.)11 2359 1 1080 5688 t
( set by)2 271( the ceiling is)3 548( When)1 292(The bits of the ceiling pointer are themselves labeled as if they were a mini\256le.)14 3209 4 1080 5856 t
10 I f
(setplab,)1080 5976 w
10 R f
( process has capability)3 946(the mini\256le label is set to the old value of the process label, unless the)14 3019 2 1435 5976 t
10 CW f
(T_SETLIC)1080 6096 w
10 R f
( is read by)3 431( the ceiling)2 454( When)1 293(, in which the mini\256le label is set to bottom.)9 1810 4 1560 6096 t
10 I f
(getplab,)4579 6096 w
10 R f
(the mini\256le)1 465 1 4935 6096 t
(label is checked as if read by)6 1152 1 1080 6216 t
10 I f
(read)2257 6216 w
10 R f
(\(2\).)2448 6216 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 6384 t
10 CW f
(EFAULT)1080 6504 w
10 R f
(,)1440 6504 w
10 CW f
(ELAB)1490 6504 w
10 R f
(,)1730 6504 w
10 CW f
(EPRIV)1780 6504 w
10 R f
(If)1080 6624 w
10 I f
(getplab)1182 6624 w
10 R f
( are \256lled in,)3 541(cannot raise the process label to dominate the mini\256le label, the requested labels)12 3341 2 1518 6624 t
(with the ceiling being censored to \257ag)6 1526 1 1080 6744 t
10 CW f
(L_NO ,)1 360 1 2631 6744 t
10 R f
(and)3016 6744 w
10 CW f
(ELAB)3185 6744 w
10 R f
(is returned.)1 449 1 3450 6744 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 6912 t
10 I f
(get\257ab)1080 7032 w
10 R f
(\(2\),)1360 7032 w
10 I f
(unsafe)1526 7032 w
10 R f
(\(2\),)1795 7032 w
10 I f
(exec)1961 7032 w
10 R f
(\(2\),)2145 7032 w
10 I f
(session)2311 7032 w
10 R f
(\(1\),)2608 7032 w
10 I f
(setlab)2774 7032 w
10 R f
(\(8\))3021 7032 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 17)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 17 17
%%Page: 18 18
/saveobj save def
mark
18 pagesetup
10 R f
( \( 2 \))3 140( LABMOUNT)1 3834(LABMOUNT \( 2 \))3 706 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(labmount \261 return \256le system ceiling label)6 1688 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(int labmount\(fd, lp\))2 1200 1 1080 1368 t
(struct label *lp;)2 1020 1 1080 1488 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1656 t
10 R f
(If the \256le with descriptor)4 993 1 1080 1776 t
10 I f
(fd)2098 1776 w
10 R f
(resides in a \256le system,)4 930 1 2201 1776 t
10 I f
(labmount)3156 1776 w
10 R f
( \256le system into)3 640(copies the ceiling label of that)5 1201 2 3559 1776 t
(the place pointed to by)4 938 1 1080 1896 t
10 I f
(lp.)2050 1896 w
10 R f
( system, the ceiling is reported to be)7 1485(If the \256le does not reside in a \256le)8 1371 2 2185 1896 t
10 CW f
(L_YES)5072 1896 w
10 R f
(;)5372 1896 w
(see)1080 2016 w
10 I f
(get\257ab)1232 2016 w
10 R f
(\(2\).)1512 2016 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 2184 t
10 I f
(fmount)1080 2304 w
10 R f
(\(2\))1366 2304 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 2472 t
10 CW f
(EBADF, EFAULT, EIO, ELOOP, ENOENT, ENOTDIR)5 2520 1 1080 2592 t
10 R f
( 18)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 18 18
%%Page: 19 19
/saveobj save def
mark
19 pagesetup
10 R f
( \( 2 \))3 140( NOCHK)1 4045(NOCHK \( 2 \))3 495 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(nochk \261 control security checking by \256le)6 1631 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(nochk\(fd, onoff\);)1 1020 1 1080 1368 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 I f
(Nochk)1080 1656 w
10 R f
(modi\256es \256le security checks in processes that have capability)8 2452 1 1360 1656 t
10 CW f
(T_NOCHK)3837 1656 w
10 R f
(. If)1 141 1 4257 1656 t
10 I f
(onoff)4423 1656 w
10 R f
( \256le descriptor)2 579(is 1,)1 167 2 4654 1656 t
10 I f
(fd)1080 1776 w
10 R f
( If)1 124( is the default state.)4 806(becomes exempt from security checks; this)5 1767 3 1192 1776 t
10 I f
(onoff)3922 1776 w
10 R f
(is 0, the \256le descriptor will be)6 1239 1 4161 1776 t
(checked as if the process did not have capability)8 1929 1 1080 1896 t
10 CW f
(T_NOCHK)3034 1896 w
10 R f
(.)3454 1896 w
(The return value is the previous checking state.)7 1885 1 1080 2064 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 2232 t
10 I f
(getplab)1080 2352 w
10 R f
(\(2\))1388 2352 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 2520 t
10 CW f
(EBADF)1080 2640 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 2808 t
10 R f
( to let 0 be the default state, but this would have required modifying standard utili-)15 3342(It would have been wise)4 978 2 1080 2928 t
(ties, such as)2 480 1 1080 3048 t
10 I f
(fsck)1585 3048 w
10 R f
(\(8\), which must be run with privilege)6 1490 1 1748 3048 t
10 CW f
(T_NOCHK)3263 3048 w
10 R f
(.)3683 3048 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 19)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 19 19
%%Page: 20 20
/saveobj save def
mark
20 pagesetup
10 R f
( \( 2 \))3 140( SEEK)1 4150(SEEK \( 2 \))3 390 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(seek, tell, lseek, llseek)3 893 1 1080 1080 t
10 S f
(-)1998 1080 w
10 R f
(manipulate read/write pointer)2 1181 1 2078 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(int seek\(fildes, offset, whence\))3 1920 1 1080 1368 t
(long offset)1 660 1 1080 1488 t
(long tell\(fildes\))1 1020 1 1080 1656 t
( offset;)1 480( long)1 265(long lseek\(fildes, offset, whence\))3 2040 3 1080 1824 t
(Long llseek\(fildes, offset, whence\))3 2100 1 1080 1992 t
(Long offset;)1 720 1 1080 2112 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2280 t
10 I f
(Seek)1080 2400 w
10 R f
(sets the \256le pointer for the \256le associated with)8 1837 1 1287 2400 t
10 I f
(\256ldes)3149 2400 w
10 R f
(as follows:)1 436 1 3385 2400 t
(If)1440 2568 w
10 I f
(whence)1531 2568 w
10 R f
(is 0, the pointer is set to)6 953 1 1855 2568 t
10 I f
(offset)2833 2568 w
10 R f
(bytes.)3075 2568 w
(If)1440 2736 w
10 I f
(whence)1531 2736 w
10 R f
(is 1, the pointer is set to its current location plus)10 1919 1 1855 2736 t
10 I f
(offset)3799 2736 w
10 R f
(.)4024 2736 w
(If)1440 2904 w
10 I f
(whence)1531 2904 w
10 R f
(is 2, the pointer is set to the size of the file plus)12 1885 1 1855 2904 t
10 I f
(offset)3765 2904 w
10 R f
(.)3990 2904 w
10 I f
(Tell)1080 3072 w
10 R f
(returns the value of the file pointer associated with)8 2024 1 1261 3072 t
10 I f
(fildes.)3310 3072 w
(Lseek)1080 3240 w
10 R f
(is equivalent to)2 611 1 1332 3240 t
10 I f
(seek)1968 3240 w
10 R f
(followed by)1 480 1 2164 3240 t
10 I f
(tell.)2669 3240 w
(Llseek)1080 3408 w
10 R f
(is like)1 242 1 1360 3408 t
10 I f
(lseek,)1627 3408 w
10 R f
(but handles i.e. 64-bit, file pointers.)5 1424 1 1876 3408 t
( `hole,' which occupies no physical space)6 1672(Seeking far beyond the end of a file, then writing, creates a gap or)13 2648 2 1080 3576 t
(and reads as zeros.)3 747 1 1080 3696 t
( security-label calculations,)2 1105( For)1 194( have security labels separate from files.)6 1634(File pointers)1 507 4 1080 3864 t
10 I f
(seek)4550 3864 w
10 R f
(is understood to)2 649 1 4751 3864 t
(`write' the pointer,)2 753 1 1080 3984 t
10 I f
(tell)1859 3984 w
10 R f
( If)1 117(to `read' it.)2 448 2 2013 3984 t
10 I f
(whence)2604 3984 w
10 R f
(is 0 on)2 269 1 2929 3984 t
10 I f
(seek,)3224 3984 w
10 R f
( pointer does not depend)4 982(the new value of the file)5 972 2 3446 3984 t
(on the old value.)3 666 1 1080 4104 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 4272 t
10 I f
(open)1080 4392 w
10 R f
(\(2\),)1282 4392 w
10 I f
(fseek)1448 4392 w
10 R f
(\(3\))1655 4392 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 4560 t
10 CW f
(EBADF)1080 4680 w
10 R f
(,)1380 4680 w
10 CW f
(ESPIPE)1430 4680 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 4848 t
10 I f
(Lseek)1080 4968 w
10 R f
(doesn't affect some special files.)4 1305 1 1332 4968 t
( 20)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 20 20
%%Page: 21 21
/saveobj save def
mark
21 pagesetup
10 R f
( \( 2 \))3 140( SYSLOG)1 4011(SYSLOG \( 2 \))3 529 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(syslog \261 security logging)3 1003 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/log.h>)1 1200 1 1080 1368 t
(int syslog\(command, arg2, arg3\))3 1860 1 1080 1536 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1704 t
10 I f
(Syslog)1080 1824 w
10 R f
( The)1 205(controls security logging.)2 1019 2 1366 1824 t
10 I f
(command)2615 1824 w
10 R f
(argument determines the meaning of the other arguments.)7 2307 1 3028 1824 t
(Logging is done by writing on special files, described in)9 2293 1 1080 1992 t
10 I f
(log)3403 1992 w
10 R f
( is the `system log file')5 949( of these files)3 550(\(4\). One)1 362 3 3539 1992 t
( determines)1 473( process has an `audit mask' that)6 1369( Each)1 260(where the kernel records certain events automatically.)6 2218 4 1080 2112 t
(which events cause logging records; mask items are defined in)9 2507 1 1080 2232 t
10 CW f
(<sys/log.h>)3613 2232 w
10 R f
(; see)1 181 1 4273 2232 t
10 I f
(log)4481 2232 w
10 R f
( file has a)3 391(\(5\). Each)1 392 2 4617 2232 t
( kernel has a table of four corresponding `poison masks' and a)11 2552( The)1 211( 2, or 3.)3 326(`poison class' with value 0, 1,)5 1231 4 1080 2352 t
( poison mask corresponding to the)5 1379( a system call mentions a file in a pathname, the)10 1917( When)1 288(global audit mask.)2 736 4 1080 2472 t
( a process executes a file, the global log mask)9 1842(file's poison level is ORed into the process audit mask; when)10 2478 2 1080 2592 t
(is ORed into the process audit mask.)6 1463 1 1080 2712 t
(The forms of the several)4 975 1 1080 2880 t
10 I f
(syslog)2080 2880 w
10 R f
( shown as)2 394( Arguments)1 494(commands follow.)1 744 3 2355 2880 t
10 CW f
(0)4012 2880 w
10 R f
(are ignored.)1 476 1 4097 2880 t
10 CW f
(syslog\(LOGON,)1080 3048 w
10 I f
(fd)1953 3048 w
10 CW f
(,)2064 3048 w
10 I f
(x \))1 102 1 2182 3048 t
10 R f
( descriptor)1 427(Turn logging on; nominate \256le)4 1236 2 1440 3168 t
10 I f
(fd)3131 3168 w
10 R f
(as repository for log \256le with minor device number)8 2066 1 3237 3168 t
10 I f
(x.)5331 3168 w
(Fd)1440 3288 w
10 R f
( will persist after)3 674( Logging)1 389(must be open for writing.)4 1013 3 1576 3288 t
10 I f
(fd)3677 3288 w
10 R f
(is closed.)1 372 1 3780 3288 t
10 CW f
(syslog\(LOGOFF, 0,)1 1020 1 1080 3408 t
10 I f
(x \))1 153 1 2168 3408 t
10 R f
(Turn logging off on minor device number)6 1670 1 1440 3528 t
10 I f
(x.)3135 3528 w
10 CW f
(syslog\(LOGGET,)1080 3648 w
10 I f
(n)1988 3648 w
10 CW f
(, 0\))1 240 1 2046 3648 t
10 R f
(Return the value of the)4 915 1 1440 3768 t
10 I f
(n)2380 3768 w
10 R f
(th poison mask;)2 634 1 2438 3768 t
10 I f
(n)3097 3768 w
10 R f
(=4 designates the global audit mask.)5 1455 1 3155 3768 t
10 CW f
(syslog\(LOGSET,)1080 3888 w
10 I f
(n)1988 3888 w
10 CW f
(,)2046 3888 w
10 I f
(x)2174 3888 w
10 CW f
(\))2226 3888 w
10 R f
(Set the)1 275 1 1440 4008 t
10 I f
(n)1740 4008 w
10 R f
(th poison mask to)3 709 1 1798 4008 t
10 I f
(x.)2532 4008 w
10 CW f
(syslog\(LOGFGET,)1080 4128 w
10 I f
(fd)2048 4128 w
10 CW f
(, 0\))1 240 1 2134 4128 t
10 R f
(Return the poison level of the \256le associated with \256le descriptor)10 2553 1 1440 4248 t
10 I f
(fd)4018 4248 w
10 R f
( for reading)2 467(, which may be open)4 829 2 4104 4248 t
(or writing.)1 422 1 1440 4368 t
10 CW f
(syslog\(LOGFSET,)1080 4488 w
10 I f
(fd)2048 4488 w
10 CW f
(,)2134 4488 w
10 I f
(x)2262 4488 w
10 CW f
(\))2314 4488 w
10 R f
(Set the poison level of the \256le associated with \256le descriptor)10 2409 1 1440 4608 t
10 I f
(fd)3874 4608 w
10 R f
( be open for reading or)5 916(, \(which may)2 524 2 3960 4608 t
(writing\) to)1 438 1 1440 4728 t
10 I f
(x.)1916 4728 w
10 R f
(The poison level is stored in \256eld)6 1411 1 2023 4728 t
10 CW f
(di_label.lb_junk)3472 4728 w
10 R f
(of the \256le's inode; see)4 930 1 4470 4728 t
10 I f
(inode)1440 4848 w
10 R f
(\(5\).)1670 4848 w
10 CW f
(syslog\(LOGPGET,)1080 4968 w
10 I f
(pid)2048 4968 w
10 CW f
(, 0\))1 240 1 2184 4968 t
10 R f
(Return the audit mask of process)5 1312 1 1440 5088 t
10 I f
(pid.)2777 5088 w
10 CW f
(syslog\(LOGPSET,)1080 5208 w
10 I f
(pid)2048 5208 w
10 CW f
(,)2184 5208 w
10 I f
(x)2312 5208 w
10 CW f
(\))2364 5208 w
10 R f
(Set the audit mask of process)5 1168 1 1440 5328 t
10 I f
(pid)2633 5328 w
10 R f
(to)2786 5328 w
10 I f
(x.)2889 5328 w
(Syslog)1080 5496 w
10 R f
(works only in processes with capability)5 1579 1 1366 5496 t
10 CW f
(T_LOG)2970 5496 w
10 R f
(; see)1 180 1 3270 5496 t
10 I f
(getplab)3475 5496 w
10 R f
(\(2\).)3783 5496 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 5664 t
10 I f
(log)1080 5784 w
10 R f
(\(4\),)1216 5784 w
10 I f
(log)1382 5784 w
10 R f
(\(5\),)1518 5784 w
10 I f
(syslog)1684 5784 w
10 R f
(\(8\))1942 5784 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 5952 t
10 CW f
(EBADF, EFAULT, EINVAL, EIO)3 1560 1 1080 6072 t
10 R f
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 21)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 21 21
%%Page: 22 22
/saveobj save def
mark
22 pagesetup
10 R f
( \( 2 \))3 140( UNSAFE)1 4011(UNSAFE \( 2 \))3 529 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(unsafe \261 detect potential \256le security violations)6 1887 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/types.h>)1 1320 1 1080 1368 t
(unsafe\(nfd, readfds, writefds\))2 1800 1 1080 1536 t
(fd_set *readfds, *writefds;)2 1620 1 1080 1656 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1824 t
10 I f
(Unsafe)1080 1944 w
10 R f
( through)1 345(examines \256le descriptors 0)3 1092 2 1396 1944 t
10 I f
(nfd\2611)2867 1944 w
10 R f
(and sets the corresponding bits of the masks in)8 1937 1 3129 1944 t
10 I f
(readfds)5100 1944 w
10 R f
(and)1080 2064 w
10 I f
(writefds)1252 2064 w
10 R f
(to indicate \256les that are not known to be safe \(i.e. to satisfy security label rules\) for reading or)18 3797 1 1603 2064 t
( bit masks are indexed and manipulated as described in)9 2199( The)1 205(writing respectively.)1 821 3 1080 2184 t
10 I f
(select)4330 2184 w
10 R f
(\(2\).)4565 2184 w
(At the same time, if the process has capability)8 1879 1 1080 2352 t
10 CW f
(T_NOCHK)2989 2352 w
10 R f
(\(see)3440 2352 w
10 I f
(getplab)3631 2352 w
10 R f
(\(2\)\), all \256le descriptors indicated by)5 1461 1 3939 2352 t
(ones among the \256rst)3 817 1 1080 2472 t
10 I f
(nfd)1924 2472 w
10 R f
(bits of the previous values of)5 1167 1 2079 2472 t
10 I f
(readfds)3273 2472 w
10 R f
(and)3600 2472 w
10 I f
(writefds)3771 2472 w
10 R f
(are marked safe to read or write)6 1279 1 4121 2472 t
(respectively.)1080 2592 w
( in)1 112(Potentially unsafe situations arise from changes in \256le label caused by this or other processes, changes)15 4208 2 1080 2760 t
(process label, and \256le opening.)4 1237 1 1080 2880 t
(To prevent unintended violations of security policy, programs with capability)9 3178 1 1080 3048 t
10 CW f
(NOCHK)4292 3048 w
10 R f
(must monitor label)2 774 1 4626 3048 t
( be frozen \(see)3 583( this purpose the process label may)6 1404(changes. For)1 536 3 1080 3168 t
10 I f
(getplab)3628 3168 w
10 R f
(\(2\)\) to prevent unintended automatic)4 1464 1 3936 3168 t
(label changes.)1 567 1 1080 3288 t
10 CW f
(SIGLAB)1699 3288 w
10 R f
( labels \(see)2 449(may be used to detect changes in \256le)7 1481 2 2086 3288 t
10 I f
(signal)4044 3288 w
10 R f
(\(2\)\), and)1 346 1 4297 3288 t
10 I f
(unsafe)4671 3288 w
10 R f
(to pinpoint)1 440 1 4960 3288 t
(them.)1080 3408 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 3576 t
10 CW f
(EFAULT)1080 3696 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 3864 t
10 I f
(get\257ab)1080 3984 w
10 R f
(\(2\),)1360 3984 w
10 I f
(getplab)1526 3984 w
10 R f
(\(2\),)1834 3984 w
10 I f
(signal)2000 3984 w
10 R f
(\(2\),)2253 3984 w
10 I f
(select)2419 3984 w
10 R f
(\(2\))2654 3984 w
( 22)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 22 22
%%Page: 23 23
/saveobj save def
mark
23 pagesetup
10 R f
( \( 3X \))3 212( BUILDMAP)1 3734(BUILDMAP \( 3X \))3 734 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(buildmap, transin, transout)2 1072 1 1080 1080 t
10 S f
(-)2177 1080 w
10 R f
(translate labels between computers)3 1394 1 2257 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <cbit.h>)1 1020 1 1080 1368 t
(struct mapping *buildmap\(int fd, char *file, char *me, char *pw, server\);)10 4380 1 1080 1536 t
(transin\(struct mapping *map, struct label *foreign,struct label *domestic\);)7 4500 1 1080 1704 t
(transout\(struct mapping *map, struct label *domestic, struct label *foreign\);)8 4620 1 1080 1872 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2040 t
10 R f
( its partner \(which may be another instance of)8 1853(Buildmap and)1 566 2 1080 2160 t
10 I f
(buildmap)3527 2160 w
10 R f
(\) at the far end of the stream)7 1148 1 3913 2160 t
10 I f
(fd)5089 2160 w
10 R f
(work)5195 2160 w
( near end is de\256ned by)5 961( label space at the)4 761( The)1 218(out a mapping for translating labels.)5 1508 4 1080 2280 t
10 I f
(\256le ,)1 184 1 4565 2280 t
10 R f
(which contains)1 614 1 4786 2280 t
(ASCII representations of)2 1000 1 1080 2400 t
10 I f
(cbit)2106 2400 w
10 R f
( \(for authorization purposes\) of the near end is)8 1867( identity)1 332( The)1 206(\(3\) structures.)1 555 4 2264 2400 t
10 I f
(me)5251 2400 w
10 R f
(,)5375 2400 w
(using a secret password)3 951 1 1080 2520 t
10 I f
(pw)2058 2520 w
10 R f
( end challenges the other, using its own password to compose a response,)12 2941(. Each)1 276 2 2183 2520 t
(whose validity is checked by)4 1226 1 1080 2640 t
10 I f
(verify ;)1 303 1 2349 2640 t
10 R f
(see)2695 2640 w
10 I f
(notary)2865 2640 w
10 R f
( other's passwords.)2 806(\(3\); The ends need not know each)6 1460 2 3134 2640 t
10 I f
(Server)1080 2760 w
10 R f
(is to simplify the protocol: one end should have server set to zero, the other end to one.)17 3476 1 1365 2760 t
10 I f
(Transout)1080 2928 w
10 R f
(and)1475 2928 w
10 I f
(transin)1652 2928 w
10 R f
( to the formula determined by)5 1235(translate labels according)2 1030 2 1969 2928 t
10 I f
(buildmap)4268 2928 w
10 R f
( in transit)2 396(. Labels)1 350 2 4654 2928 t
( in the binary form of the source machine and are translated on receipt, so)14 3010(are represented)1 611 2 1080 3048 t
10 I f
(transout)4731 3048 w
10 R f
('s job is)2 327 1 5073 3048 t
( impossible or illegal, otherwise they perform the translation)8 2433( routines return 0 if translation is)6 1316(simpler. Both)1 571 3 1080 3168 t
(and return 1.)2 507 1 1080 3288 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 3456 t
10 I f
(cbit)1080 3576 w
10 R f
(\(3\),)1238 3576 w
10 I f
(notary)1404 3576 w
10 R f
(\(3\))1673 3576 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 3744 t
10 R f
(These routines all return 0 on error.)6 1416 1 1080 3864 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 23)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 23 23
%%Page: 24 24
/saveobj save def
mark
24 pagesetup
10 R f
( \( 3X \))3 212( CBIT)1 4028(CBIT \( 3X \))3 440 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(cbit, cbitread, cbitlookup, cbitparse, cbitcert)4 1758 1 1080 1080 t
10 S f
(-)2863 1080 w
10 R f
(security category manipulation)2 1237 1 2943 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <cbit.h>)1 1020 1 1080 1368 t
(struct cbit *cbitparse\(char **fields, struct cbit *cb\);)6 3300 1 1080 1536 t
(struct cbit *cbitread\(char *file\);)3 2040 1 1080 1704 t
(struct cbit *cbitlookup\(char *name, struct cbit *cb\);)6 3180 1 1080 1872 t
(char *cbitcert\(struct cbit *p\);)3 1860 1 1080 2040 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2208 t
10 R f
( handle compartmented security categories.)4 1784(These functions manipulate certi\256cates entitling computers to)6 2536 2 1080 2328 t
(Each security compartment is represented by a structure of form:)9 2591 1 1080 2448 t
10 CW f
(struct cbit {)2 780 1 1080 2568 t
(char *name;)1 660 1 1480 2688 t
10 R f
(of\256cial name of category)3 1000 1 2730 2688 t
10 CW f
(int floor;)1 600 1 1480 2808 t
10 R f
(default value \(only bottom bit used\))5 1435 1 2730 2808 t
10 CW f
(char *owner;)1 720 1 1480 2928 t
10 R f
(public name of issuing authority)4 1294 1 2730 2928 t
10 CW f
(char *nickname;)1 900 1 1480 3048 t
10 R f
(our version of category name)4 1169 1 2730 3048 t
10 CW f
(int bitslot;)1 720 1 1480 3168 t
10 R f
(where we store it)3 684 1 2730 3168 t
10 CW f
(char *exerciser;)1 960 1 1480 3288 t
10 R f
(who we are)2 459 1 2730 3288 t
10 CW f
(char *certificate;)1 1080 1 1480 3408 t
10 R f
(owner's signature)1 712 1 2730 3408 t
10 CW f
(})1080 3528 w
10 R f
( meaning of the)3 645(which describes the)2 799 2 1080 3648 t
10 I f
(bitslot)2556 3648 w
10 R f
( convention, the lines of)4 991( By)1 174(-th bit in a computer's label space.)6 1420 3 2815 3648 t
(the \256le)1 289 1 1080 3768 t
10 CW f
(/etc/cbits)1408 3768 w
10 R f
( held on the)3 508(contain \(in ASCII colon-separated form\) the compartments currently)7 2845 2 2047 3768 t
(local computer.)1 621 1 1080 3888 t
10 I f
(Cbitparse)1080 4056 w
10 R f
( the second argu-)3 702( If)1 122( a vector of seven strings.)5 1050(\256lls in and returns a cbit in the obvious way from)10 2021 4 1505 4056 t
(ment is zero)2 488 1 1080 4176 t
10 I f
(cbitparse)1593 4176 w
10 R f
(allots a new structure using)4 1093 1 1990 4176 t
10 I f
(malloc)3108 4176 w
10 R f
(\(3\).)3388 4176 w
10 I f
(Cbitread)1080 4344 w
10 R f
( last entry in)3 509( The)1 208(reads and parses an ASCII \256le of cbits, returning an array of \256lled in structures.)14 3219 3 1464 4344 t
(the array is a dummy; it is signalled by having a zero value of)13 2466 1 1080 4464 t
10 I f
(name)3571 4464 w
10 R f
(.)3795 4464 w
10 I f
(Cbitlookup)1080 4632 w
10 R f
(, when fed a category name and an array of cbits \(such as returned by)14 3018 1 1533 4632 t
10 I f
(cbitread)4594 4632 w
10 R f
(\), returns a)2 465 1 4935 4632 t
(pointer to the unique entry whose category name is)8 2041 1 1080 4752 t
10 I f
(name)3146 4752 w
10 R f
(, or returns zero.)3 656 1 3370 4752 t
10 I f
(Cbitcert)1080 4920 w
10 R f
( certi\256cate granting)2 796(composes a)1 472 2 1442 4920 t
10 I f
(exerciser)2745 4920 w
10 R f
(the right to hold \256les with the given security category.)9 2255 1 3145 4920 t
(The output of)2 558 1 1080 5040 t
10 I f
(cbitcert)1670 5040 w
10 R f
(depends only on)2 669 1 2007 5040 t
10 I f
(name)2708 5040 w
10 R f
(,)2932 5040 w
10 I f
(\257oor)2988 5040 w
10 R f
(,)3185 5040 w
10 I f
(owner)3241 5040 w
10 R f
(, and)1 200 1 3499 5040 t
10 I f
(exerciser)3730 5040 w
10 R f
( output must be signed by)5 1061(. The)1 236 2 4103 5040 t
10 I f
(owner)1080 5160 w
10 R f
(with)1357 5160 w
10 I f
(xs)1562 5160 w
10 R f
(\(see)1672 5160 w
10 I f
(notary)1859 5160 w
10 R f
(\(3\)\) to produce the checksum value in)6 1525 1 2128 5160 t
10 I f
(certi\256cate)3680 5160 w
10 R f
( may check valid-)3 721( parties)1 293(. Third)1 299 3 4087 5160 t
(ity of a cbit by calling)5 880 1 1080 5280 t
10 CW f
(verify\(p->exerciser, p->certificate, cbitcert\(p\), strlen\(cbitcert\(p\)\)\))3 4200 1 1080 5400 t
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 5568 t
10 CW f
(/etc/cbits)1080 5688 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 5856 t
10 I f
(notary)1080 5976 w
10 R f
(\(3\).)1349 5976 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 6144 t
10 R f
(These routines all return 0 on error.)6 1416 1 1080 6264 t
( 24)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 24 24
%%Page: 25 25
/saveobj save def
mark
25 pagesetup
10 R f
( \( 3 \))3 140( GETSTSRC)1 3899(GETSTSRC \( 3 \))3 641 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(getstsrc, setstsrc)1 649 1 1080 1080 t
10 S f
(-)1754 1080 w
10 R f
(read and write a stream identi\256er)5 1316 1 1834 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(char *getstsrc\(fd\))1 1080 1 1080 1368 t
(setstsrc\(fd, name\))1 1080 1 1080 1488 t
(char *name;)1 660 1 1080 1608 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1776 t
10 I f
(Setstsrc)1080 1896 w
10 R f
( stream, and)2 493(attaches a descriptive string to the indicated)6 1765 2 1419 1896 t
10 I f
(getstsrc)3706 1896 w
10 R f
(returns a pointer to a static buffer)6 1354 1 4046 1896 t
( a stream is \256rst opened the)6 1123( When)1 293( \256nal close of the stream.)5 1029( string persists until)3 805( The)1 211(containing the string.)2 859 6 1080 2016 t
(string is trivial.)2 609 1 1080 2136 t
10 I f
(Setstsrc)1080 2304 w
10 R f
(requires capability)1 746 1 1422 2304 t
10 CW f
(T_EXTERN)2199 2304 w
10 R f
(; see)1 186 1 2679 2304 t
10 I f
(getplab)2896 2304 w
10 R f
( names the off-machine)3 960( string conventionally)2 884(\(2\). The)1 352 3 3204 2304 t
( may modify it, it may be relied on for security calcula-)11 2268( only trusted processes)3 925( Since)1 278(source of the stream.)3 849 4 1080 2424 t
(tions.)1080 2544 w
10 I f
(Getstsrc)1080 2712 w
10 R f
(returns 0 on error,)3 720 1 1438 2712 t
10 I f
(setstsrc)2183 2712 w
10 R f
(returns \2611 on error.)3 770 1 2508 2712 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 2880 t
10 I f
(stream)1080 3000 w
10 R f
(\(4\))1360 3000 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 3168 t
10 CW f
(EPERM)1080 3288 w
10 R f
(,)1380 3288 w
10 CW f
(ENOTTY)1430 3288 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 3456 t
10 R f
(The return value of)3 767 1 1080 3576 t
10 I f
(getstsrc)1872 3576 w
10 R f
(points to static data whose content is overwritten by each call.)10 2477 1 2208 3576 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 25)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 25 25
%%Page: 26 26
/saveobj save def
mark
26 pagesetup
10 R f
( \( 3 \))3 140( LABCONST)1 3872(LABCONST \( 3 \))3 668 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(labelyes, labelno, labeltop, labelbot \261 label constants)6 2106 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(extern struct label labelyes;)3 1740 1 1080 1368 t
(extern struct label labelno;)3 1680 1 1080 1536 t
(extern struct label labeltop;)3 1740 1 1080 1704 t
(extern struct label labelbot;)3 1740 1 1080 1872 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2040 t
10 R f
(These objects are initialized as follows, where the coded values are as in)12 2890 1 1080 2160 t
10 I f
(labtoa)3995 2160 w
10 R f
(\(3\).)4259 2160 w
10 CW f
(labelyes)1080 2328 w
10 R f
(The universally permissive label,)3 1326 1 1680 2328 t
10 CW f
(Y)3031 2328 w
10 R f
(.)3091 2328 w
10 CW f
(labelno)1080 2448 w
10 R f
(The universally denying label,)3 1215 1 1680 2448 t
10 CW f
(N)2920 2448 w
10 R f
(.)2980 2448 w
10 CW f
(labeltop)1080 2568 w
10 R f
(The top lattice value,)3 843 1 1680 2568 t
10 CW f
(ffff...)2548 2568 w
10 R f
(.)2968 2568 w
10 CW f
(labelbot)1080 2688 w
10 R f
(The bottom lattice value,)3 999 1 1680 2688 t
10 CW f
(0000...)2704 2688 w
10 R f
(.)3124 2688 w
( 26)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 26 26
%%Page: 27 27
/saveobj save def
mark
27 pagesetup
10 R f
( \( 3 \))3 140( LABEQ)1 4067(LABEQ \( 3 \))3 473 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(labeq, lable, labmax, labmin \261 compare security labels)7 2174 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/label.h>)1 1320 1 1080 1368 t
(labEQ\(x, y\))1 660 1 1080 1536 t
(struct label *x, *y;)3 1200 1 1080 1656 t
(labLE\(x, y\))1 660 1 1080 1824 t
(struct label *x, *y;)3 1200 1 1080 1944 t
(struct label labMAX\(x, y\))3 1500 1 1080 2112 t
(struct label *x, *y;)3 1200 1 1080 2232 t
(struct label labMIN\(x, y\))3 1500 1 1080 2400 t
(struct label *x, *y;)3 1200 1 1080 2520 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2688 t
10 I f
(LabEQ)1080 2808 w
10 R f
(returns 1 if)2 440 1 1395 2808 t
10 I f
(x)1861 2808 w
10 R f
(and)1931 2808 w
10 I f
(y)2101 2808 w
10 R f
( argument)1 404( result is 1 if and only if neither)8 1268( The)1 206(point to equal labels, otherwise 0.)5 1351 4 2171 2808 t
(is 0, the \257ag \256elds are the same, and, when the \257ag \256elds are)13 2424 1 1080 2928 t
10 CW f
(L_BITS)3529 2928 w
10 R f
(, the lattice values are the same.)6 1269 1 3889 2928 t
10 I f
(LabLE)1080 3096 w
10 R f
( pointed to by)3 604(returns 1 if the security label)5 1225 2 1394 3096 t
10 I f
(x)3265 3096 w
10 R f
(compares less than or equal to the security label)8 2049 1 3351 3096 t
(pointed to by)2 560 1 1080 3216 t
10 I f
(y.)1681 3216 w
10 R f
(An improper argument is treated as if it had \257ag)9 2066 1 1791 3216 t
10 CW f
(L_NO)3898 3216 w
10 R f
( one of the labels has \257ag)6 1105(. If)1 157 2 4138 3216 t
10 CW f
(L_YES)1080 3336 w
10 R f
( otherwise if one of the labels has \257ag)8 1538(, the result is 1;)4 622 2 1380 3336 t
10 CW f
(L_NO)3568 3336 w
10 R f
(, the result is 0; otherwise the the result)8 1592 1 3808 3336 t
( only if the lattice value of)6 1102(is 1 if and)3 424 2 1080 3456 t
10 I f
(x)2639 3456 w
10 R f
(is bitwise less than or equal to the lattice value of)10 2050 1 2716 3456 t
10 I f
(y.)4799 3456 w
10 R f
(\(Inequalities)4901 3456 w
(involving)1080 3576 w
10 CW f
(L_YES)1489 3576 w
10 R f
(and)1814 3576 w
10 CW f
(L_NO)1983 3576 w
10 R f
(are not transitive.\))2 729 1 2248 3576 t
10 I f
(LabMAX)1080 3744 w
10 R f
(and)1472 3744 w
10 I f
(labMIN)1647 3744 w
10 R f
( OR\) and minimum \(bitwise AND\) of lat-)7 1717(respectively return the maximum \(bitwise)4 1694 2 1989 3744 t
(tice values of labels pointed to by)6 1349 1 1080 3864 t
10 I f
(x)2455 3864 w
10 R f
(and)2525 3864 w
10 I f
(y.)2695 3864 w
10 R f
( if it had \257ag)4 511(An improper argument is treated as)5 1416 2 2790 3864 t
10 CW f
(L_NO)4742 3864 w
10 R f
( one of)2 277(. If)1 141 2 4982 3864 t
(the labels has \257ag)3 740 1 1080 3984 t
10 CW f
(L_YES)1854 3984 w
10 R f
(, the result is the other label; otherwise if one of the labels has \257ag)14 2789 1 2154 3984 t
10 CW f
(L_NO)4978 3984 w
10 R f
(, the)1 182 1 5218 3984 t
(result has \257ag)2 555 1 1080 4104 t
10 CW f
(L_NO)1660 4104 w
10 R f
(.)1900 4104 w
(The privilege and frozen-label \256elds of the labels are disregarded by all of these functions.)14 3611 1 1080 4272 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 4440 t
10 I f
(get\257ab)1080 4560 w
10 R f
(\(2\))1360 4560 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 27)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 27 27
%%Page: 28 28
/saveobj save def
mark
28 pagesetup
10 R f
( \( 3 \))3 140( LABTOA)1 3995(LABTOA \( 3 \))3 545 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(labtoa, atolab, atopriv, privtoa \261 security label conversion)7 2302 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/label.h>)1 1320 1 1080 1368 t
( label *labp;)2 780( struct)1 385(char *labtoa\(labp\))1 1080 3 1080 1536 t
( *string;)1 540( char)1 265(struct label *atolab\(string\))2 1680 3 1080 1656 t
( *string;)1 540(atopriv\(string\) char)1 1165 2 1080 1824 t
(char *privtoa\(n\))1 960 1 1080 1992 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2160 t
10 I f
(Labtoa)1080 2280 w
10 R f
(returns a pointer to a null-terminated)5 1537 1 1403 2280 t
9 R f
(ASCII)2977 2280 w
10 R f
( security label)2 590(string that represents the value of the)6 1559 2 3251 2280 t
(pointed to by)2 528 1 1080 2400 t
10 I f
(labp.)1633 2400 w
10 R f
(The string has a form exempli\256ed by)6 1476 1 1861 2400 t
10 CW f
(guxnlp guxnlpFY 0000 0000 ...)4 1740 1 1440 2568 t
10 R f
(The characters of the first group)5 1307 1 1080 2736 t
10 CW f
(guxnlp)2417 2736 w
10 R f
(denote capabilities)1 751 1 2807 2736 t
10 CW f
(T_LOG)3588 2736 w
10 R f
(,)3888 2736 w
10 CW f
(T_UAREA)3943 2736 w
10 R f
(,)4363 2736 w
10 CW f
(T_EXTERN)4419 2736 w
10 R f
(,)4899 2736 w
10 CW f
(T_NOCHK)4955 2736 w
10 R f
(,)5375 2736 w
10 CW f
(T_SETLIC)1080 2856 w
10 R f
(, and)1 195 1 1560 2856 t
10 CW f
(T_SETPRIV)1781 2856 w
10 R f
( of the second group denote corresponding licenses;)7 2071(respectively. Characters)1 983 2 2346 2856 t
(see)1080 2976 w
10 I f
(getplab)1232 2976 w
10 R f
( capabilities or licenses are denoted by)6 1541(\(2\). Missing)1 514 2 1540 2976 t
10 CW f
(-)3620 2976 w
10 R f
(.)3680 2976 w
(The character shown as)3 944 1 1080 3144 t
10 CW f
(F)2051 3144 w
10 R f
( may be a space \(loose\),)5 973( It)1 114( fixity of the label.)4 753(denotes the)1 454 4 2138 3144 t
10 CW f
(F)4460 3144 w
10 R f
(\(frozen\),)4548 3144 w
10 CW f
(R)4921 3144 w
10 R f
(\(rigid\), or)1 391 1 5009 3144 t
10 CW f
(C)1080 3264 w
10 R f
(\(constant\) The character shown as)4 1386 1 1171 3264 t
10 CW f
(Y)2588 3264 w
10 R f
( may be a space for a lattice label,)8 1402( It)1 117(denotes the label's flag.)3 966 3 2679 3264 t
10 CW f
(N)5194 3264 w
10 R f
(for)5284 3264 w
10 CW f
(L_NO)1080 3384 w
10 R f
(,)1320 3384 w
10 CW f
(Y)1370 3384 w
10 R f
(for)1455 3384 w
10 CW f
(L_YES)1596 3384 w
10 R f
(, or)1 133 1 1896 3384 t
10 CW f
(U)2054 3384 w
10 R f
(for the erroneous flag value 0.)5 1202 1 2139 3384 t
( representing the value of two bytes of the)8 1728(Each group of four zeros may be any four lower case hex digits)12 2592 2 1080 3552 t
( groups at the end of the string are denoted)9 1705( Repeating)1 455(lattice value.)1 510 3 1080 3672 t
10 CW f
(...)3775 3672 w
10 R f
(.)3955 3672 w
10 I f
(Atolab)1080 3840 w
10 R f
( are arbitrary, except)3 842( order of characters in, and length of, privilege strings)9 2193( The)1 210(inverts the process.)2 778 4 1377 3840 t
( order of characters)3 789( The)1 211( capability string.)2 709(that a nonempty license string must be preceded by a nonempty)10 2611 4 1080 3960 t
(from the set)2 487 1 1080 4080 t
10 CW f
(YNUFRC)1597 4080 w
10 R f
( and may)2 378( must separate nonempty capability and license strings,)7 2238( Spaces)1 332(is arbitrary.)1 465 4 1987 4080 t
( final)1 209( A)1 123(be interspersed arbitrarily after the license string.)6 1965 3 1080 4200 t
10 CW f
(...)3403 4200 w
10 R f
( hex digits to be repeated,)5 1026(causes the last four)3 765 2 3609 4200 t
( short or missing lattice value is padded)7 1634( A)1 129( contains a multiple of four digits.)6 1400(provided the preceding label)3 1157 4 1080 4320 t
(with zeros.)1 438 1 1080 4440 t
10 I f
(Atopriv)1080 4608 w
10 R f
(converts a string of characters from the set)7 1740 1 1411 4608 t
10 CW f
(guxnlp-)3182 4608 w
10 R f
( stored in the)3 540(into privilege bits that may be)5 1227 2 3633 4608 t
10 CW f
(lb_t)1080 4728 w
10 R f
(or)1345 4728 w
10 CW f
(lb_u)1453 4728 w
10 R f
( order and number of characters are arbitrary.)7 1809( The)1 205(fields of a label structure.)4 1017 3 1718 4728 t
10 I f
(Privtoa)1080 4896 w
10 R f
(is inverse to)2 483 1 1405 4896 t
10 I f
(atopriv.)1913 4896 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 5064 t
10 I f
(getflab)1080 5184 w
10 R f
(\(2\),)1366 5184 w
10 I f
(getplab)1532 5184 w
10 R f
(\(2\),)1840 5184 w
10 I f
(getlab)2006 5184 w
10 R f
(\(1\))2264 5184 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 5352 t
10 I f
(Atolab)1080 5472 w
10 R f
(returns 0 for unrecognizable input.)4 1383 1 1372 5472 t
10 I f
(Atopriv)1080 5640 w
10 R f
(returns the negative value)3 3254 1 2146 5640 t
10 CW f
(\304\(T_LOG|T_UAREA|T_EXTERN|T_NOCHK|T_SETLIC|T_SETPRIV\))1080 5760 w
10 R f
(for unrecognizable input.)2 1006 1 4225 5760 t
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 5928 t
10 R f
(The value returned by)3 878 1 1080 6048 t
10 I f
(labtoa, atolab,)1 587 1 1983 6048 t
10 R f
(or)2595 6048 w
10 I f
(privtoa)2703 6048 w
10 R f
(points to a static buffer that is overwritten at each call.)10 2171 1 3017 6048 t
( 28)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 28 28
%%Page: 29 29
/saveobj save def
mark
29 pagesetup
10 R f
( \( 3 \))3 140( NOTARY)1 3984(NOTARY \( 3 \))3 556 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(xs, enroll, verify, reverify, keynotary)4 1474 1 1080 1080 t
10 S f
(-)2579 1080 w
10 R f
(certification functions)1 879 1 2659 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(char *xs\(char *key, char *buf, int n\))6 2220 1 1080 1368 t
(enroll\(char *name, char *oldkey, char *newkey\))5 2760 1 1080 1488 t
(verify\(char *name, char *xsum, char *buf, int n\))7 2880 1 1080 1608 t
(rverify\(char *name, char *xsum, char *buf, int n\))7 2940 1 1080 1728 t
(keynotary\(char *key1, char *key2\))3 1980 1 1080 1848 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2016 t
10 R f
(All these funcitons except)3 1040 1 1080 2136 t
10 I f
(xs)2145 2136 w
10 R f
(must be linked with option)4 1073 1 2253 2136 t
10 CW f
(-lipc)3351 2136 w
10 R f
(of)3676 2136 w
10 I f
(ld)3784 2136 w
10 R f
(\(1\).)3870 2136 w
10 I f
(Xs)1080 2304 w
10 R f
( of the)2 269(composes a cryptographic checksum)3 1484 2 1211 2304 t
10 I f
(n)2996 2304 w
10 R f
(characters starting at)2 839 1 3078 2304 t
10 I f
(buf.)3949 2304 w
10 R f
(The)4159 2304 w
10 I f
(key)4346 2304 w
10 R f
(argument points to an)3 890 1 4510 2304 t
( pointer is returned to a null-terminated)6 1570( A)1 122(8-character checksumming key.)2 1271 3 1080 2424 t
9 R f
(ASCII)4066 2424 w
10 R f
(checksum.)4326 2424 w
10 I f
(Enroll)1080 2592 w
10 R f
(registers a checksumming key for user)5 1573 1 1368 2592 t
10 I f
(name)2973 2592 w
10 R f
(with)3221 2592 w
10 I f
(notary)3431 2592 w
10 R f
( key per user)3 536(\(1\), only one checksumming)3 1164 2 3700 2592 t
( first registry the)3 666( On)1 173(name at a time.)3 613 3 1080 2712 t
10 I f
(oldkey)2558 2712 w
10 R f
( subsequent registries, the)3 1035( On)1 173(argument is ignored.)2 826 3 2844 2712 t
10 I f
(oldkey)4904 2712 w
10 R f
(argu-)5190 2712 w
( new checksumming key is)4 1162( The)1 225( match the currently stored checksumming key.)6 2014(ment must)1 439 4 1080 2832 t
10 I f
(newkey)4965 2832 w
10 R f
(; if)1 134 1 5266 2832 t
10 I f
(newkey)1080 2952 w
10 R f
(is trivial,)1 356 1 1398 2952 t
10 I f
(name)1779 2952 w
10 R f
(is deregistered.)1 604 1 2020 2952 t
10 I f
(Verify)1080 3120 w
10 R f
(consults the notary oracle to check the validity of a checksum composed by)12 3113 1 1357 3120 t
10 I f
(xs.)4503 3120 w
10 R f
( return)1 272(A non zero)2 459 2 4669 3120 t
( key registered with the notary)5 1267(value signifies that the checksum was calculated using the checksumming)9 3053 2 1080 3240 t
(oracle as belonging to user)4 1110 1 1080 3360 t
10 I f
(name)2225 3360 w
10 R f
(.)2449 3360 w
10 I f
(Rverify)2534 3360 w
10 R f
(does what)1 412 1 2857 3360 t
10 I f
(verify)3304 3360 w
10 R f
( oracle)1 279(does, but leaves the connection to the)6 1555 2 3566 3360 t
(open until presented with a NULL value for)7 1755 1 1080 3480 t
10 I f
(name)2860 3480 w
10 R f
( subsequent calls to)3 780(. Hence,)1 354 2 3084 3480 t
10 I f
(rverify)4243 3480 w
10 R f
(should be quicker.)2 735 1 4534 3480 t
10 I f
(Keynotary)1080 3648 w
10 R f
(is used to tell the notary daemon the key for its private encrypted data.)13 2851 1 1524 3648 t
10 I f
(Key1)4429 3648 w
10 R f
(is the key the data)4 737 1 4663 3648 t
(is currently encrypted with;)3 1122 1 1080 3768 t
10 I f
(key2)2234 3768 w
10 R f
( file descriptor is returned,)4 1080( A)1 129(\(if nonzero\) is the key to use in the future.)9 1743 3 2448 3768 t
(from which diagnosic information may be read.)6 1905 1 1080 3888 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 4056 t
10 I f
(notary)1080 4176 w
10 R f
(\(1\),)1349 4176 w
10 I f
(ipc)1515 4176 w
10 R f
(\(3\))1645 4176 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 4344 t
10 I f
(Verify)1080 4464 w
10 R f
(and)1349 4464 w
10 I f
(enroll)1518 4464 w
10 R f
(return zero on failure, otherwise nonzero.)5 1653 1 1782 4464 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 29)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 29 29
%%Page: 30 30
/saveobj save def
mark
30 pagesetup
10 R f
( \( 3 \))3 140( PEX)1 4211(PEX \( 3 \))3 329 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(pex, unpex \261 obtain process-exclusive file access)6 1959 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/pex.h>)1 1200 1 1080 1368 t
(int pex\(fd, seconds, pexbuf\))3 1680 1 1080 1536 t
(struct pexclude *pexbuf;)2 1440 1 1080 1656 t
(int unpex\(fd, seconds\))2 1320 1 1080 1824 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1992 t
10 I f
(Pex)1080 2112 w
10 R f
( obtain exclusive access to the file designated by file descriptor)10 2663(tries, using the ioctl call, to)5 1151 2 1267 2112 t
10 I f
(fd)5120 2112 w
10 R f
(; see)1 194 1 5206 2112 t
10 I f
(pex)1080 2232 w
10 R f
(\(4\). If)1 261 1 1226 2232 t
10 I f
(pexbuf)1516 2232 w
10 R f
( the other end of the pipe are placed in the object)11 1981(is nonzero, facts about)3 910 2 1811 2232 t
10 I f
(pexbuf)4730 2232 w
10 R f
(points to,)1 376 1 5024 2232 t
(as described in)2 593 1 1080 2352 t
10 I f
(pex)1698 2352 w
10 R f
(\(4\).)1844 2352 w
(If)1080 2520 w
10 I f
(fd)1178 2520 w
10 R f
(refers to a stream,)3 735 1 1288 2520 t
10 I f
(pex)2055 2520 w
10 R f
( input and output queues, flushing if)6 1495(first empties the)2 658 2 2225 2520 t
10 I f
(seconds)4411 2520 w
10 R f
(is negative, and)2 640 1 4760 2520 t
( not drain, an)3 548( the queues do)3 598( If)1 124(otherwise waiting up to the specified time interval for the queues to drain.)12 3050 4 1080 2640 t
(error results.)1 504 1 1080 2760 t
10 I f
(Unpex)1080 2928 w
10 R f
(uses to try to reverse the effect of)7 1332 1 1365 2928 t
10 I f
(pex,)2722 2928 w
10 R f
(again flushing or draining queues as specified by)7 1955 1 2910 2928 t
10 I f
(seconds.)4890 2928 w
10 R f
(On a pipe,)2 423 1 1080 3096 t
10 I f
(pex)1533 3096 w
10 R f
(or)1701 3096 w
10 I f
(unpex)1814 3096 w
10 R f
(succeeds only if the process at the other end answers with an FIOPX or FIONPX)14 3317 1 2083 3096 t
(ioctl respectively.)1 710 1 1080 3216 t
10 I f
(Pex)1840 3216 w
10 R f
(and)2014 3216 w
10 I f
(unpex)2183 3216 w
10 R f
(should not be used to answer.)5 1182 1 2446 3216 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 3384 t
10 I f
(pex)1080 3504 w
10 R f
(\(4\))1226 3504 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 3672 t
10 I f
(Pex)1080 3792 w
10 R f
(returns \2611 on failure, 0 on success, and 1 for a half-pexed pipe.)12 2513 1 1254 3792 t
( 30)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 30 30
%%Page: 31 31
/saveobj save def
mark
31 pagesetup
10 R f
( \( 3X \))3 212( PWQUERY)1 3762(PWQUERY \( 3X \))3 706 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(pwquery, pexpw)1 665 1 1080 1080 t
10 S f
(-)1770 1080 w
10 R f
(password services)1 723 1 1850 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(pwquery\(fd, name, param\))2 1440 1 1080 1368 t
(char *name;)1 660 1 1080 1488 t
(char *param;)1 720 1 1080 1608 t
(char *pexpw\(fd, prompt\))2 1380 1 1080 1776 t
(char *prompt;)1 780 1 1080 1896 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2064 t
10 I f
(Pwquery)1080 2184 w
10 R f
(calls upon the password server,)4 1262 1 1463 2184 t
10 I f
(pwserv)2753 2184 w
10 R f
(\(8\) to cause a password to be demanded from file descrip-)10 2356 1 3044 2184 t
(tor)1080 2304 w
10 I f
(fd)1216 2304 w
10 R f
( is loaded by option)4 789( It)1 111(and checked against the password for the named user.)8 2147 3 1319 2304 t
10 CW f
(-lipc)4391 2304 w
10 R f
(of)4716 2304 w
10 I f
(ld)4824 2304 w
10 R f
(\(1\).)4910 2304 w
( during the transaction, and the server is persnickety about when to use an Atalla)14 3499(Echoing is disabled)2 821 2 1080 2472 t
( when to use)3 511(challenge/response dialogue and)2 1305 2 1080 2592 t
10 I f
(crypt)2924 2592 w
10 R f
( negative return value indicates a)5 1331( A)1 125(\(3\)-style passwords.)1 807 3 3137 2592 t
( zero return value indicates rejection)5 1469( A)1 125(protocol error in reaching the server or that the server is not trusted.)12 2726 3 1080 2712 t
( positive return value indicates approval of the password.)8 2282( A)1 122(of the password.)2 657 3 1080 2832 t
(The argument)1 564 1 1080 3000 t
10 I f
(param)1676 3000 w
10 R f
( zero \(for vanilla password service\) or may point to a blank-separated list of)13 3133(may be)1 298 2 1969 3000 t
( only one keyword is understood:)5 1335( Currently)1 433(one or more keywords.)3 920 3 1080 3120 t
10 CW f
(pex)1080 3288 w
10 R f
(Reject the password if the stream is unpexable.)7 1880 1 1440 3288 t
10 I f
(Pexpw)1080 3456 w
10 R f
( password from the indicated \256le descriptor, after prompting with the null-terminated string)12 3738(reads a)1 285 2 1377 3456 t
10 I f
(prompt)1080 3576 w
10 R f
( The)1 205( pointer is returned to a null-terminated string of at most 8 characters.)12 2776( A)1 122(and disabling echoing.)2 902 4 1395 3576 t
( not attempted if it cannot be protected from eavesdropping by the process-exclusive mechanism)13 3883(dialogue is)1 437 2 1080 3696 t
(of)1080 3816 w
10 I f
(pex)1188 3816 w
10 R f
(\(4\).)1334 3816 w
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 3984 t
10 CW f
(/cs/pw)1080 4104 w
(/etc/pwserv)1080 4224 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 4392 t
10 I f
(ipc)1080 4512 w
10 R f
(\(3\),)1210 4512 w
10 I f
(getpass)1376 4512 w
10 R f
(\(3\),)1684 4512 w
10 I f
(pex)1850 4512 w
10 R f
(\(4\))1996 4512 w
10 I f
(pwserv)2137 4512 w
10 R f
(\(8\))2428 4512 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 4680 t
10 I f
(Pexpw)1080 4800 w
10 R f
(returns a pointer to static memory that is overwritten at every call.)11 2640 1 1371 4800 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 31)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 31 31
%%Page: 32 32
/saveobj save def
mark
32 pagesetup
10 R f
( \( 4 \))3 140( CHANGES)1 3928(CHANGES \( 4 \))3 612 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(proc, stream \261 changes to manual)5 1336 1 1080 1080 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1248 t
10 R f
(This section covers small changes in the named manual pages for IX relative to v10.)14 3369 1 1080 1368 t
( c)1 2( oc)1 46( ro)1 52(p pr)1 85 4 870 1536 t
(The groupid of all \256les in)5 1019 1 1080 1656 t
10 CW f
(/proc)2124 1656 w
10 R f
( process can have this groupid.)5 1231( No)1 172(is \2611.)1 217 3 2449 1656 t
( m)1 2( ea am)2 126( re)1 46( tr)1 35(s st)1 69 5 870 1824 t
(Changed)1080 1944 w
10 I f
(ioctl)1460 1944 w
10 R f
(\(2\) calls for streams:)3 823 1 1646 1944 t
10 CW f
(TIOCSPGRP)1080 2112 w
10 R f
( process id unless the process has capability)7 1883(The process group can be set only to the current)9 2077 2 1440 2232 t
10 CW f
(T_UAREA)1440 2352 w
10 R f
(.)1860 2352 w
10 CW f
(FIORCVFD)1080 2520 w
10 R f
(Deliver a structure pointed to by)5 1295 1 1440 2640 t
10 I f
(param)2760 2640 w
10 R f
(:)3029 2640 w
10 CW f
(struct passfd {)2 900 1 1440 2760 t
(int fd;)1 540 1 1800 2880 t
(short uid;)1 600 1 1800 3000 t
(short gid;)1 600 1 1800 3120 t
(short nice;)1 660 1 1800 3240 t
(char logname[8];)1 1020 1 1800 3360 t
(char cap;)1 600 1 1800 3480 t
(};)1440 3600 w
10 R f
( data is present, it returns)5 1039( If)1 123(The call blocks until there is something in the stream.)9 2197 3 1440 3768 t
10 CW f
(EIO)4831 3768 w
10 R f
( a file)2 241(. If)1 148 2 5011 3768 t
( other end of the pipe by)6 976(descriptor has been sent from the)5 1327 2 1440 3888 t
10 CW f
(FIOSNDFD)3768 3888 w
10 R f
(,)4248 3888 w
10 CW f
(FIORCVFD)4298 3888 w
10 R f
(fills in the user)3 597 1 4803 3888 t
( ID of the sending process, its niceness \(see)8 1802(and group)1 409 2 1440 4008 t
10 I f
(nice)3684 4008 w
10 R f
(\(2\)\), its login name, its capabilities in)6 1542 1 3858 4008 t
( the field)2 365(the form of)2 461 2 1440 4128 t
10 CW f
(lb_t)2296 4128 w
10 R f
(\(see)2566 4128 w
10 I f
(getflab)2756 4128 w
10 R f
(\(2\)\), and a file descriptor for the file being sent; the file is)12 2358 1 3042 4128 t
(now open in the receiving process.)5 1386 1 1440 4248 t
(New)1080 4416 w
10 I f
(ioctl)1293 4416 w
10 R f
(calls:)1496 4416 w
10 CW f
(FIOGSRC)1080 4584 w
10 R f
(Copy the stream identi\256er to the)5 1291 1 1440 4704 t
10 CW f
(SSRCSIZ)2756 4704 w
10 R f
(-byte string pointed to by)4 1011 1 3176 4704 t
10 I f
(param.)4212 4704 w
10 CW f
(FIOSSRC)1080 4872 w
10 R f
(Copy the)1 393 1 1440 4992 t
10 CW f
(SSRCSIZ)1887 4992 w
10 R f
( pointed to by)3 643(-byte string)1 487 2 2307 4992 t
10 I f
(param)3492 4992 w
10 R f
( Capability)1 497(into the stream identi\256er.)3 1095 2 3808 4992 t
10 CW f
(T_EXTERN)1440 5112 w
10 R f
(is required; see)2 608 1 1947 5112 t
10 I f
(getplab)2582 5112 w
10 R f
( It)1 112( newly created stream has an empty stream identi\256er.)8 2134(\(2\). A)1 264 3 2890 5112 t
( Successful)1 480( identi\256er on network connections to identify the source.)8 2285(is customary to set the stream)5 1195 3 1440 5232 t
(password demands may also be recorded in the stream identi\256er for the bene\256t of)13 3252 1 1440 5352 t
10 I f
(pwserv)4717 5352 w
10 R f
(\(8\).)5008 5352 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 5520 t
10 I f
(session)1080 5640 w
10 R f
(\(1\),)1377 5640 w
10 I f
(src)1543 5640 w
10 R f
(\(5\))1673 5640 w
( 32)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 32 32
%%Page: 33 33
/saveobj save def
mark
33 pagesetup
10 R f
( \( 4 \))3 140( LOG)1 4195(LOG \( 4 \))3 345 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(log \261 security log \256le)4 850 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/log.h>)1 1200 1 1080 1368 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 R f
(The special \256les)2 653 1 1080 1656 t
10 CW f
(/dev/log/log00)1760 1656 w
10 R f
(through)2628 1656 w
10 CW f
(/dev/log/log15)2967 1656 w
10 R f
(refer to `repository' \256les nominated by)5 1565 1 3835 1656 t
10 I f
(syslog)1080 1776 w
10 R f
(\(2\).)1338 1776 w
( automatically records selected events on the `system log \256le')9 2523(The kernel)1 435 2 1080 1944 t
10 CW f
(/dev/log/log00)4070 1944 w
10 R f
(in the form)2 458 1 4942 1944 t
(described in)1 485 1 1080 2064 t
10 I f
(log)1590 2064 w
10 R f
(\(5\).)1726 2064 w
( write places in the)4 766( Each)1 252( read access.)2 506(Any process with write access may write on a log \256le; no process has)13 2796 4 1080 2232 t
(repository \256le a)2 639 1 1080 2352 t
10 I f
(log)1750 2352 w
10 R f
(\(5\) record with)2 610 1 1886 2352 t
10 CW f
(code)2527 2352 w
10 R f
(=)2798 2352 w
10 CW f
(LOG_USER)2885 2352 w
10 R f
( data written are truncated to)5 1169(. The)1 235 2 3365 2352 t
10 CW f
(LOGLEN)4799 2352 w
10 R f
(bytes)5189 2352 w
(and placed in the)3 679 1 1080 2472 t
10 CW f
(body)1784 2472 w
10 R f
( logging is not turned on, a log \256le acts like a write-only)12 2246(\256eld. When)1 491 2 2049 2472 t
10 CW f
(/dev/null)4811 2472 w
10 R f
(.)5351 2472 w
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 2640 t
10 CW f
(/dev/log/*)1080 2760 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 2928 t
10 I f
(syslog)1080 3048 w
10 R f
(\(2\),)1338 3048 w
10 I f
(log)1504 3048 w
10 R f
(\(5\),)1640 3048 w
10 I f
(syslog)1806 3048 w
10 R f
(\(8\))2064 3048 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 33)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 33 33
%%Page: 34 34
/saveobj save def
mark
34 pagesetup
10 R f
( \( 4 \))3 140( PEX)1 4211(PEX \( 4 \))3 329 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(pex \261 ioctl requests for process-exclusive access)6 1928 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/pex.h>)1 1200 1 1080 1368 t
(ioctl\(fildes, FIOPX, p\))2 1380 1 1080 1536 t
(struct pexclude *p;)2 1140 1 1080 1656 t
(ioctl\(fildes, FIONPX, p\))2 1440 1 1080 1824 t
(struct pexclude *p;)2 1140 1 1080 1944 t
(ioctl\(fildes, FIOQX, p\))2 1380 1 1080 2112 t
(struct pexclude *p;)2 1140 1 1080 2232 t
(ioctl\(fildes, FIOAPX, p\))2 1440 1 1080 2400 t
(struct pexclude *p;)2 1140 1 1080 2520 t
(ioctl\(fildes, FIOANPX, p\))2 1500 1 1080 2688 t
(struct pexclude *p;)2 1140 1 1080 2808 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 2976 t
10 R f
(These)1080 3096 w
10 I f
(ioctl)1353 3096 w
10 R f
( an input/output source.)3 977(\(2\) requests provide and check temporary exclusive access to)8 2523 2 1539 3096 t
10 CW f
(FIOPX)5100 3096 w
10 R f
(marks as `pexed' the \256le or pipe end referred to by)10 2042 1 1080 3216 t
10 I f
(\256ldes.)3149 3216 w
10 R f
(On a pexed \256le)3 613 1 3412 3216 t
10 I f
(read, write)1 440 1 4052 3216 t
10 R f
(\(2\), and most forms of)4 900 1 4500 3216 t
10 I f
(ioctl)1080 3336 w
10 R f
( half-)1 223( these operations do not work in any process on a)10 2059( Moreover,)1 477(work only in the pexing process.)5 1349 4 1292 3336 t
( mark remains until the pexing process requests)7 2033( The)1 224( pipe with exactly one pexed end\).)6 1486(pexed pipe \(a)2 577 4 1080 3456 t
10 CW f
(FIONPX)1080 3576 w
10 R f
(or closes all \256le descriptors that refer to the \256le.)9 1908 1 1465 3576 t
(When)1080 3744 w
10 I f
(\256ldes)1355 3744 w
10 R f
(refers to a stream,)3 750 1 1603 3744 t
10 CW f
(FIOPX)2390 3744 w
10 R f
(and)2727 3744 w
10 CW f
(FIONPX)2908 3744 w
10 R f
( to be)2 248(require the stream's input and output queues)6 1847 2 3305 3744 t
(empty;)1080 3864 w
10 I f
(pex)1396 3864 w
10 R f
( When)1 301(\(3\) gives a method for emptying them.)6 1618 2 1542 3864 t
10 I f
(\256ldes)3499 3864 w
10 R f
( far end of which is)5 833(refers to a pipe, the)4 819 2 3748 3864 t
(unpexed,)1080 3984 w
10 CW f
(FIOPX)1473 3984 w
10 R f
(waits, with timeout, for an answering)5 1515 1 1803 3984 t
10 CW f
(FIOPX)3348 3984 w
10 R f
(or)3678 3984 w
10 CW f
(FIONPX)3791 3984 w
10 R f
(at the far end.)3 563 1 4181 3984 t
10 CW f
(FIONPX)4799 3984 w
10 R f
(waits)5189 3984 w
( request returns 1 when it leaves a pipe with exactly one end)12 2526( Either)1 304( far end is pexed.)4 724(similarly when the)2 766 4 1080 4104 t
( must cycle through the fully unpexed state between fully pexed states; from the time one)15 3720( pipe)1 206(pexed. A)1 394 3 1080 4224 t
(end becomes unpexed until the far end does too,)8 1927 1 1080 4344 t
10 CW f
(FIOPX)3032 4344 w
10 R f
(on the unpexed end will return error)6 1441 1 3357 4344 t
10 CW f
(ECONC)4823 4344 w
10 R f
(.)5123 4344 w
(If argument)1 474 1 1080 4512 t
10 I f
(p)1585 4512 w
10 R f
( the structure it points to is \256lled in with information about the pexedness of the)15 3290(is nonzero,)1 444 2 1666 4512 t
( format, de\256ned in)3 738( The)1 205(\256le and about the process at the far end of a pexed pipe.)12 2225 3 1080 4632 t
10 CW f
(<sys/filio.h>)4273 4632 w
10 R f
(is:)5078 4632 w
10 CW f
(struct pexclude {)2 1020 1 1080 4752 t
( FIOPX or FIONPX: state at begining of call */)9 2760( /*)1 480(int oldnear;)1 720 3 1440 4872 t
( FIOPX or FIONPX: state at end of call */)9 2460( /*)1 480(int newnear;)1 720 3 1440 4992 t
(int farpid; /* -1 if not pipe, 0 if not pexed, else process id */)14 3900 1 1440 5112 t
(int farcap; /* if farpid>0, capabilities */)6 2580 1 1440 5232 t
(int faruid; /* if farpid>0, user id */)7 2280 1 1440 5352 t
(};)1080 5472 w
10 R f
(Capabilities are represented as in the)5 1466 1 1080 5592 t
10 CW f
(lb_t)2571 5592 w
10 R f
(\256eld of a label; see)4 754 1 2836 5592 t
10 I f
(get\257ab)3615 5592 w
10 R f
(\(2\).)3895 5592 w
10 CW f
(FIOQX)1080 5760 w
10 R f
(obtains the information without affecting state.)5 1876 1 1405 5760 t
10 I f
(Read, write,)1 492 1 1080 5928 t
10 R f
(or)1603 5928 w
10 I f
(ioctl)1717 5928 w
10 R f
(calls that fail due to pexedness return error)7 1746 1 1926 5928 t
10 CW f
(ECONC)3703 5928 w
10 R f
( only)1 209(. The)1 236 2 4003 5928 t
10 I f
(ioctl)4479 5928 w
10 R f
( may)1 204(requests that)1 508 2 4688 5928 t
(succeed on a half-pexed pipe are)5 1368 1 1080 6048 t
10 CW f
(FIOCLEX)2486 6048 w
10 R f
(,)2906 6048 w
10 CW f
(FIONCLEX)2969 6048 w
10 R f
(,)3449 6048 w
10 CW f
(FIOPX)3512 6048 w
10 R f
(,)3812 6048 w
10 CW f
(FIONPX)3875 6048 w
10 R f
(, and)1 206 1 4235 6048 t
10 CW f
(FIOQX)4478 6048 w
10 R f
( half-pexed)1 463(. A)1 159 2 4778 6048 t
(pipe is deemed ready by)4 970 1 1080 6168 t
10 I f
(select)2075 6168 w
10 R f
(\(2\).)2310 6168 w
10 CW f
(FIOANPX)1080 6336 w
10 R f
(and)1528 6336 w
10 CW f
(FIOAPX)1700 6336 w
10 R f
(modify the response of open stream device \256les to)8 2032 1 2088 6336 t
10 CW f
(FIOPX)4149 6336 w
10 R f
( require)1 311(requests. They)1 611 2 4478 6336 t
10 CW f
(T_EXTERN)1080 6456 w
10 R f
(capability; see)1 576 1 1587 6456 t
10 I f
(getplab)2190 6456 w
10 R f
(\(2\). After)1 403 1 2498 6456 t
10 CW f
(FIOANPX)2928 6456 w
10 R f
(all)3375 6456 w
10 CW f
(FIOPX)3502 6456 w
10 R f
( \256le return 1 and)4 664(requests on the special)3 907 2 3829 6456 t
( in an unusable state \(as if the device driver were a process at the far end of a pipe, always)20 3672(leave the device)2 648 2 1080 6576 t
(responding)1080 6696 w
10 CW f
(FIONPX)1558 6696 w
10 R f
( reversed with)2 581( treatment is)2 512(\). The)1 272 3 1918 6696 t
10 CW f
(FIOAPX)3316 6696 w
10 R f
( mechanism allows a terminal to be)6 1463(. This)1 261 2 3676 6696 t
( kernel as being attached to an untrusted remote computer that cannot guarantee the exclu-)14 3636(denounced to the)2 684 2 1080 6816 t
(sivity asked by)2 600 1 1080 6936 t
10 CW f
(FIOPX)1705 6936 w
10 R f
(.)2005 6936 w
9 R f
( S)1 2( LE ES)2 109( PL)1 57( MP)1 52( XA AM)2 149(E EX)1 122 6 720 7104 t
10 R f
( following code)2 633( The)1 208( from the dialogue.)3 769(A program collecting a password wishes to exclude other programs)9 2710 4 1080 7224 t
( 34)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 34 34
%%Page: 35 35
/saveobj save def
mark
35 pagesetup
10 R f
( \( 4 \))3 140( PEX)1 4211(PEX \( 4 \))3 329 3 720 480 t
( dialogue passes through)3 985( the)1 148( \(When)1 322(does the trick.)2 565 4 1080 960 t
10 I f
(mux)3125 960 w
10 R f
(\(9.1\) or)1 299 1 3299 960 t
10 I f
(con)3623 960 w
10 R f
(\(1\), downstream stages of the path to the)7 1625 1 3775 960 t
(terminal can be assumed to be similarly pexed, provided)8 2255 1 1080 1080 t
10 CW f
(FIOPX)3360 1080 w
10 R f
(succeeds.\))3685 1080 w
10 CW f
(#define ok\(p\) \(p->farpid==-1 || p->farpid>0 && p->farcap!=0\))6 3600 1 1440 1248 t
(struct pexclude x;)2 1080 1 1440 1368 t
(if\(ioctl\(fd, FIOPX, &x\) == 0 && ok\(&x\)\) {)7 2460 1 1440 1488 t
(static char buf[9];)2 1140 1 1800 1608 t
(write\(fd, promptstr, strlen\(promptstr\)\);)2 2400 1 1800 1728 t
(read\(fd, buf, 8\);)2 1020 1 1800 1848 t
(s = buf;)2 480 1 1800 1968 t
(} else)1 360 1 1440 2088 t
(s = 0;)2 360 1 1800 2208 t
( restore state */)3 1020( /*)1 480(ioctl\(fd, x.oldnear, 0\);)2 1440 3 1440 2328 t
10 R f
( trusted processes,)2 749(An intervening trusted program, with a policy of recognizing exclusive access only for)12 3571 2 1080 2496 t
(may cooperate with)2 787 1 1080 2616 t
10 CW f
(n = read\(fd, buf, BUFSIZE\);)4 1620 1 1440 2784 t
(if\(n == -1 && errno == ECONC\) {)7 1860 1 1440 2904 t
(if\(ioctl\(fd, FIOPX, &pexcode\)!=0 || pexcode.farcap==0\))4 3240 1 1800 3024 t
(ioctl\(fd, FIONPX, 0\);)2 1260 1 2160 3144 t
( improper pexing */)3 1140( /*)1 240(} else)1 360 3 1800 3264 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 3432 t
10 I f
(ioctl)1080 3552 w
10 R f
(\(2\),)1266 3552 w
10 I f
(pipe)1432 3552 w
10 R f
(\(2\),)1612 3552 w
10 I f
(stream)1778 3552 w
10 R f
(\(4\),)2058 3552 w
10 I f
(pex)2224 3552 w
10 R f
(\(3\))2370 3552 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 3720 t
10 CW f
(EBADF)1080 3840 w
10 R f
(,)1380 3840 w
10 CW f
(ECONC)1430 3840 w
10 R f
(,)1730 3840 w
10 CW f
(EFAULT)1780 3840 w
10 R f
(,)2140 3840 w
10 CW f
(EIO)2190 3840 w
10 R f
(,)2370 3840 w
10 CW f
(ENOTTY)2420 3840 w
10 R f
(\()2805 3840 w
10 CW f
(FIOAPX)2838 3840 w
10 R f
(and)3223 3840 w
10 CW f
(FIOANPX)3392 3840 w
10 R f
(\))3812 3840 w
10 CW f
(ECONC)1080 3960 w
10 R f
(for forbidden IO calls in other processes.)6 1632 1 1405 3960 t
10 CW f
(EBUSY)1080 4080 w
10 R f
(for an undrained queue.)3 947 1 1405 4080 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 35)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 35 35
%%Page: 36 36
/saveobj save def
mark
36 pagesetup
10 R f
( \( 5 \))3 140( CHANGES)1 3928(CHANGES \( 5 \))3 612 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(filsys, fstab, passwd \261 changes to manual)6 1648 1 1080 1080 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1248 t
10 R f
(This section covers small changes in the named manual pages for IX relative to v10.)14 3369 1 1080 1368 t
( s)1 2( ys)1 41( sy)1 52( il ls)2 71(f fi)1 63 5 870 1536 t
(A disk inode in a regular file system contains an extra field for the file's security label.)16 3463 1 1080 1656 t
10 CW f
(#include <sys/label.h>)1 1320 1 1440 1824 t
(struct label labeldi;)2 1260 1 1440 1992 t
10 R f
( b)1 2( ab)1 52( ta)1 46( st)1 30(f fs)1 74 5 870 2160 t
(The table of normally mounted file systems,)6 1780 1 1080 2280 t
10 CW f
(/etc/fstab)2888 2280 w
10 R f
(, contains an extra field for the file system ceil-)9 1912 1 3488 2280 t
(ing; see)1 308 1 1080 2400 t
10 I f
(fmount)1413 2400 w
10 R f
(\(2\).)1699 2400 w
( d)1 2( wd)1 52( ss sw)2 115( as)1 41(p pa)1 96 5 870 2568 t
( the usual password file,)4 980(In addition to)2 543 2 1080 2688 t
10 CW f
(/etc/passwd)2631 2688 w
10 R f
(, there is a highly secret file)6 1124 1 3291 2688 t
10 CW f
(/etc/pwfile)4443 2688 w
10 R f
(, which)1 297 1 5103 2688 t
(is used by)2 410 1 1080 2808 t
10 I f
(pwserv)1520 2808 w
10 R f
( content line contains the following fields, separated by)8 2243( Each)1 253( clearances.)1 468(\(8\) to authorize)2 625 4 1811 2808 t
(colons:)1080 2928 w
(name)1440 3096 w
(encrypted password)1 795 1 1440 3216 t
(SNK key)1 369 1 1440 3336 t
(process license \(unused\))2 975 1 1440 3456 t
(clearance \(maximum ceiling\))2 1169 1 1440 3576 t
(The license and label fields are in the form understood by)10 2331 1 1080 3744 t
10 I f
(labtoa)3439 3744 w
10 R f
( may contain white)3 775(\(3\); thus the label field)4 922 2 3703 3744 t
( with fewer than five fields are ignored.)7 1579(space. Lines)1 518 2 1080 3864 t
(The name field contains a user name for option)8 1893 1 1080 4032 t
10 CW f
(-u)2999 4032 w
10 R f
(of)3146 4032 w
10 CW f
(/bin/session)3256 4032 w
10 R f
(. It is customary, but not necessary,)6 1424 1 3976 4032 t
(for names in)2 499 1 1080 4152 t
10 I f
(pwfile)1604 4152 w
10 R f
(also to be registered in)4 904 1 1874 4152 t
10 I f
(passwd)2803 4152 w
10 R f
(\(5\).)3106 4152 w
(The SNK field gives a 24-digit octal key for a Secure Net Key \(or Atalla\) challenge box.)16 3539 1 1080 4320 t
(The label field gives the maximum permissible label for option)9 2523 1 1080 4488 t
10 CW f
(-l)3628 4488 w
10 R f
(, and the ceiling label otherwise.)5 1295 1 3748 4488 t
( 36)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 36 36
%%Page: 37 37
/saveobj save def
mark
37 pagesetup
10 R f
( \( 5 \))3 140( LOG)1 4195(LOG \( 5 \))3 345 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(log \261 format of security logging records)6 1592 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(#include <sys/log.h>)1 1200 1 1080 1368 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 R f
(The structure of system log file records as declared in)9 2142 1 1080 1656 t
10 CW f
(<sys/log.h>)3247 1656 w
10 R f
(is)3932 1656 w
10 CW f
(struct logbuf {)2 900 1 1080 1776 t
( total length of whole record */)6 1920( /*)1 720(short len;)1 660 3 1500 1896 t
( process id */)3 840( /*)1 720(short pid;)1 660 3 1500 2016 t
( transaction number */)3 1320( /*)1 660(long slug;)1 720 3 1500 2136 t
( kind of record */)4 1080( /*)1 660(char code;)1 720 3 1500 2256 t
( sub-kind */)2 720( /*)1 660(char mode;)1 720 3 1500 2376 t
( ':', aids sync */)4 1080( /*)1 600(char colon;)1 780 3 1500 2496 t
(char body[LOGLEN];)1 1200 1 1500 2616 t
(};)1080 2736 w
10 R f
(The)1080 2856 w
10 CW f
(code)1272 2856 w
10 R f
( the)1 160( kernel records)2 616( In)1 145(field identifies the kind of record; for legal values see the include file.)12 2930 4 1549 2856 t
10 CW f
(mode)1080 2976 w
10 R f
( user records it contains the)5 1165(field identifies where in the kernel the logging record originated, for)10 2875 2 1360 2976 t
(minor device number of the)4 1109 1 1080 3096 t
10 CW f
(/dev/log/log)2214 3096 w
10 I f
(xx)2942 3096 w
10 R f
(file used to create the record.)5 1157 1 3055 3096 t
(The)1080 3264 w
10 CW f
(body)1266 3264 w
10 R f
(field contains the logging record proper; its actual length is determined from the)12 3273 1 1537 3264 t
10 CW f
(len)4841 3264 w
10 R f
(field. In)1 348 1 5052 3264 t
(kernel records the)2 730 1 1080 3384 t
10 CW f
(body)1843 3384 w
10 R f
( values, each prefixed by one or more format bytes according to)11 2626(is a sequence of)3 658 2 2116 3384 t
( numbers are represented low byte first.)6 1582( Multibyte)1 445(the following list.)2 709 3 1080 3504 t
10 CW f
(s)1080 3672 w
10 R f
(Next two bytes are a byte count for following string.)9 2097 1 1440 3672 t
10 CW f
($)1080 3840 w
10 R f
(Next one byte is a byte count for following string, which is typically a \256le component name.)16 3691 1 1440 3840 t
10 CW f
(C)1080 4008 w
10 R f
(Next byte is a byte count for following string, which is the command name.)13 3022 1 1440 4008 t
10 CW f
(j)1080 4176 w
10 R f
(Next value is a security label: two bytes of)8 1799 1 1440 4176 t
10 CW f
(lb_priv)3277 4176 w
10 R f
(followed by two bytes of index into the)7 1665 1 3735 4176 t
(kernel's shared label table for the lattice value of the label; see)11 2496 1 1440 4296 t
10 I f
(get\257ab)3961 4296 w
10 R f
(\(2\).)4241 4296 w
10 CW f
(J)1080 4464 w
10 R f
(Next value is a security label: two bytes of)8 1799 1 1440 4464 t
10 CW f
(lb_priv)3277 4464 w
10 R f
(followed by two bytes of index into the)7 1665 1 3735 4464 t
( lattice value of the label, followed by 60 bytes of bits of the lat-)14 2608(kernel's shared label table for the)5 1352 2 1440 4584 t
(tice value of the label.)4 884 1 1440 4704 t
10 I f
(n)1080 4872 w
10 R f
(Next)1440 4872 w
10 I f
(n)1659 4872 w
10 R f
(bytes \(n)1 319 1 1734 4872 t
10 I f
(=1,2,3,4\))2061 4872 w
10 R f
(represent a number.)2 789 1 2462 4872 t
10 CW f
(I)1080 5040 w
10 R f
(Next bytes name an inode: two bytes of device followed by two bytes of inumber.)14 3276 1 1440 5040 t
10 CW f
(E)1080 5208 w
10 R f
(The current system call suffered an)5 1404 1 1440 5208 t
10 CW f
(ELAB)2869 5208 w
10 R f
(error.)3134 5208 w
10 CW f
(e)1080 5376 w
10 R f
(Next byte is an)3 602 1 1440 5376 t
10 I f
(errno)2067 5376 w
10 R f
(code; see)1 368 1 2314 5376 t
10 I f
(intro)2707 5376 w
10 R f
(\(2\).)2910 5376 w
( \(see)1 192(The various bits of the log mask)6 1324 2 1080 5544 t
10 I f
(syslog)2628 5544 w
10 R f
(\(2\) are named)2 567 1 2886 5544 t
10 CW f
(LN)3485 5544 w
10 R f
(,)3605 5544 w
10 CW f
(LS)3662 5544 w
10 R f
(,)3782 5544 w
10 CW f
(LU)3839 5544 w
10 R f
(,)3959 5544 w
10 CW f
(LI)4016 5544 w
10 R f
(,)4136 5544 w
10 CW f
(LD)4193 5544 w
10 R f
(,)4313 5544 w
10 CW f
(LP)4370 5544 w
10 R f
(,)4490 5544 w
10 CW f
(LL)4547 5544 w
10 R f
(,)4667 5544 w
10 CW f
(LA)4724 5544 w
10 R f
(,)4844 5544 w
10 CW f
(LX)4901 5544 w
10 R f
(,)5021 5544 w
10 CW f
(LE)5078 5544 w
10 R f
(,)5198 5544 w
10 CW f
(LT)5255 5544 w
10 R f
(,)5375 5544 w
(with the same meanings as the corresponding key letters de\256ned in)10 2674 1 1080 5664 t
10 I f
(syslog)3779 5664 w
10 R f
(\(8\).)4037 5664 w
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 5832 t
10 CW f
(/dev/log)1080 5952 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 6120 t
10 I f
(syslog)1080 6240 w
10 R f
(\(2\),)1338 6240 w
10 I f
(log)1504 6240 w
10 R f
(\(4\),)1640 6240 w
10 I f
(syslog)1806 6240 w
10 R f
(\(8\))2064 6240 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 6408 t
10 R f
(The various kinds of kernel logging records are understandable only by reading the kernel source code.)15 4118 1 1080 6528 t
(It takes 7 bytes, not 4, to name an inode.)9 1615 1 1080 6648 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 37)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 37 37
%%Page: 38 38
/saveobj save def
mark
38 pagesetup
10 R f
( \( 5 \))3 140( PRIVS)1 4116(PRIVS \( 5 \))3 424 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(privs \261 privilege \256le)3 808 1 1080 1080 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1248 t
10 R f
(The \256le)1 316 1 1080 1368 t
10 CW f
(/etc/privs)1429 1368 w
10 R f
(expresses the rules whereby)3 1140 1 2062 1368 t
10 I f
(priv)3235 1368 w
10 R f
( consists of a list of state-)6 1070( It)1 120(\(1\) grants privilege.)2 806 3 3404 1368 t
( or more comments, each extending from)6 1692( One)1 224( a semicolon.)2 546(ments, each terminated by)3 1075 4 1080 1488 t
10 CW f
(#)4650 1488 w
10 R f
(to newline, may)2 657 1 4743 1488 t
(precede each statement.)2 949 1 1080 1608 t
( s)1 2( ts)1 41( gh ht)2 82( ig)1 52(R Ri)1 97 5 870 1776 t
(Rights are de\256ned thus:)3 947 1 1080 1896 t
10 CW f
(DEFINE)1440 2064 w
10 I f
(rights-list)1833 2064 w
10 CW f
(;)2231 2064 w
10 R f
(Each right in the comma-separated rights-list has a name, and optionally a parenthesized parameter type.)14 4320 1 1080 2232 t
(The types are)2 537 1 1080 2352 t
10 CW f
(LAB)1080 2520 w
10 R f
(Label, ordered by lattice value.)4 1241 1 1440 2520 t
10 CW f
(RE)1080 2688 w
10 R f
( expressions are in the form of)6 1394( Regular)1 396( inclusion.)1 447(Regular expression ordered by language)4 1723 4 1440 2688 t
10 I f
(regexp)1440 2808 w
10 R f
(\(3\), with enclosing)2 752 1 1719 2808 t
10 CW f
(\303\()2496 2808 w
10 R f
(and)2641 2808 w
10 CW f
(\)$)2810 2808 w
10 R f
(understood.)2955 2808 w
10 CW f
(PRIV)1080 2976 w
10 R f
(Set of privileges in)3 758 1 1440 2976 t
10 I f
(atopriv)2223 2976 w
10 R f
(form, ordered by inclusion; see)4 1245 1 2537 2976 t
10 I f
(labtoa)3807 2976 w
10 R f
(\(3\).)4071 2976 w
(Examples:)1080 3144 w
10 CW f
(DEFINE ceiling\(LAB\), filename\(RE\), privinstall;)3 2820 1 1440 3312 t
10 R f
( used solely by)3 612(Rights are identifiers)2 846 2 1080 3480 t
10 I f
(priv)2568 3480 w
10 R f
( the example,)2 545( In)1 138(; they have no other manifestation in the system.)8 1980 3 2737 3480 t
(the)1080 3600 w
10 CW f
(ceiling)1234 3600 w
10 R f
( The)1 211(right involves label comparisons, but has no necessary connection to process ceilings.)11 3503 2 1686 3600 t
(name could be changed globally to, say,)6 1603 1 1080 3720 t
10 CW f
(floor)2708 3720 w
10 R f
(without affecting the interpretation of)4 1503 1 3033 3720 t
10 CW f
(/etc/privs)4561 3720 w
10 R f
(.)5161 3720 w
( on n)2 54( ti io)2 82( za at)2 76( iz)1 46( ri)1 30( ho or)2 87( th)1 52( ut)1 30(A Au)1 124 9 870 3888 t
( like files in the file system,)6 1114( of the authorization tree are named,)6 1443( Nodes)1 305(Authorization is expressed by a tree.)5 1458 4 1080 4008 t
(by full pathnames starting from the root,)6 1654 1 1080 4128 t
10 CW f
(/)2765 4128 w
10 R f
( with each node are statements to grant rights, and)9 2056(. Associated)1 519 2 2825 4128 t
( a sub-)2 272( are monotone in the tree: the rights at a node must be)12 2171( Rights)1 314(statements to admit access to the node.)6 1563 4 1080 4248 t
( to a node implies access to its children.)8 1590( Access)1 332(set of the rights at its parent.)6 1135 3 1080 4368 t
(Right-granting statements have the form)4 1615 1 1080 4536 t
10 CW f
(RIGHTS)1440 4704 w
10 I f
(nodename rights-list)1 825 1 1833 4704 t
10 CW f
(;)2666 4704 w
10 R f
(A)1080 4872 w
10 I f
(rights-list)1182 4872 w
10 R f
( space or one of the)5 808( White)1 300( definition, but with explicit values for parameters.)7 2070(is as in a rights)4 620 4 1602 4872 t
(metacharacters)1080 4992 w
10 CW f
(;,\(\))1702 4992 w
10 R f
( Examples:)1 472(may be included in a value by placing double quotes around it.)11 2508 2 1967 4992 t
10 CW f
( ceiling\(ffff...\);)1 1080( priv\(upxnl\),)1 1440(RIGHTS /admin)1 780 3 1440 5160 t
( ceiling\("ffff ..."\);)2 1260( priv\(p\),)1 660(RIGHTS /admin/security)1 1320 3 1440 5280 t
(RIGHTS /admin/operations priv\(xn\))2 1980 1 1440 5400 t
10 R f
(Access statements have the form)4 1308 1 1080 5568 t
10 CW f
(ACCESS)1440 5736 w
10 I f
(nodename pred-list)1 774 1 1833 5736 t
10 CW f
(;)2615 5736 w
10 R f
(Access to the named node is granted when the comma-separated)9 2664 1 1080 5904 t
10 I f
(pred-list)3779 5904 w
10 R f
( predi-)1 274(is nonempty and all the)4 973 2 4153 5904 t
( node may have more than one)6 1225( A)1 122(cates in the list are satisfied.)5 1126 3 1080 6024 t
10 CW f
(ACCESS)3578 6024 w
10 R f
( predicates are)2 575(statement. Legal)1 685 2 3963 6024 t
10 CW f
(ID\()1080 6192 w
10 I f
(lognames)1268 6192 w
10 CW f
(\))1659 6192 w
10 R f
(A regular expression for login names that have access to this node.)11 2667 1 1440 6312 t
10 CW f
(PW\()1080 6480 w
10 I f
(name ...)1 316 1 1268 6480 t
10 CW f
(\))1592 6480 w
10 R f
(The password associated with one of the)6 1619 1 1440 6600 t
10 I f
(names)3084 6600 w
10 R f
(in)3364 6600 w
10 I f
(pw\256le)3467 6600 w
10 R f
(\(5\) must be presented.)3 887 1 3714 6600 t
10 CW f
(SRC\()1080 6768 w
10 I f
(source)1328 6768 w
10 CW f
(\))1602 6768 w
10 R f
(A regular expression for the stream identi\256er of the standard input.)10 2670 1 1440 6888 t
( s)1 2( es)1 41( le)1 46( ul)1 30(R Ru)1 119 5 870 7056 t
( requests and show the prerequisite rights for and the actions to carry out each)14 3362(Rules give patterns for)3 958 2 1080 7176 t
(request:)1080 7296 w
( 38)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 38 38
%%Page: 39 39
/saveobj save def
mark
39 pagesetup
10 R f
( \( 5 \))3 140( PRIVS)1 4116(PRIVS \( 5 \))3 424 3 720 480 t
10 CW f
(REQUEST\()1440 960 w
10 I f
(arguments)1928 960 w
10 CW f
(\) NEEDS)1 420 1 2358 960 t
10 I f
(rights)2811 960 w
10 CW f
(DOES)3078 960 w
10 I f
(actions)3351 960 w
10 B f
(;)3665 960 w
10 R f
(The request part shows)3 962 1 1080 1128 t
10 I f
(arguments)2080 1128 w
10 R f
(supplied to)1 455 1 2540 1128 t
10 I f
(priv)3033 1128 w
10 R f
(\(1\); normally the arguments spell out the prefix of a)9 2198 1 3202 1128 t
9 R f
(UNIX)1080 1248 w
10 R f
(command. The)1 625 1 1331 1248 t
10 CW f
(NEEDS)1982 1248 w
10 R f
( rights are as in a)5 679( The)1 205( rights are needed to perform the request.)7 1640(part tells what)2 568 4 2308 1248 t
(rights statement, with substituted parameters; see `Parameter values'.)7 2765 1 1080 1368 t
( to a node that grants the needed rights \(with the parameter in each grant dominat-)15 3334(If the process has access)4 986 2 1080 1536 t
( the)1 148(ing the parameter of the corresponding need\), then)7 2031 2 1080 1656 t
10 I f
(actions)3285 1656 w
10 R f
( the)1 148( Otherwise)1 461(for the request are performed.)4 1191 3 3600 1656 t
( actions are)2 454( Legal)1 277(request is denied.)2 696 3 1080 1776 t
10 CW f
(PRIV\(gunxlp\))1080 1944 w
10 R f
(Set one or more process licenses, abbreviated as in)8 2026 1 1440 2064 t
10 I f
(labtoa)3491 2064 w
10 R f
(\(3\).)3755 2064 w
10 CW f
(EXEC\()1080 2232 w
10 I f
(args)1388 2232 w
10 CW f
(\))1574 2232 w
10 R f
( program given by the)4 910(Execute a)1 396 2 1440 2352 t
10 I f
(args.)2778 2352 w
10 R f
(Members of the)2 646 1 3013 2352 t
10 I f
(args)3691 2352 w
10 R f
(list are separated by white space and)6 1499 1 3901 2352 t
(may specify substitutions; see `Parameter values'.)5 1997 1 1440 2472 t
10 CW f
(EXEC)3487 2472 w
10 R f
(does not do a)3 530 1 3752 2472 t
10 I f
(sh)4307 2472 w
10 R f
(\(1\)-like)4404 2472 w
10 CW f
($PATH)4728 2472 w
10 R f
(search.)5053 2472 w
10 CW f
(DAEMON\()1080 2640 w
10 I f
(args)1508 2640 w
10 CW f
(\))1694 2640 w
10 R f
(Same as)1 330 1 1440 2760 t
10 CW f
(EXEC)1795 2760 w
10 R f
(, but do not wait for the command to complete.)9 1879 1 2035 2760 t
10 CW f
(CEILING\()1080 2928 w
10 I f
(label)1568 2928 w
10 CW f
(\))1776 2928 w
10 R f
(Set the process ceiling.)3 921 1 1440 3048 t
10 CW f
(PRIVEDIT\()1080 3216 w
10 I f
(node file)1 347 1 1628 3216 t
10 CW f
(\))1983 3216 w
10 R f
( from the named)3 666(Read editing commands)2 970 2 1440 3336 t
10 I f
(\256le)3104 3336 w
10 R f
( the subtree at)3 566(. Only)1 278 2 3234 3336 t
10 I f
(node)4106 3336 w
10 R f
(is editable; nodes closer to)4 1072 1 4328 3336 t
(the root cannot be touched.)4 1084 1 1440 3456 t
10 CW f
(ANYSRC)1080 3624 w
10 R f
(Skip the normal check for a trusted source; see)8 1868 1 1440 3744 t
10 I f
(priv)3333 3744 w
10 R f
(\(1\).)3502 3744 w
( nodes of the authorization tree are visited in evaluating a)10 2370(The order in which)3 783 2 1080 3912 t
10 CW f
(NEEDS)4266 3912 w
10 R f
(clause is unde\256ned,)2 801 1 4599 3912 t
( actions of a granted request)5 1137( The)1 209(however at each node the predicates of the request are evaluated in order.)12 2974 3 1080 4032 t
( persisting until the end of the)6 1224(are also performed in order, with effects such as privilege settings)10 2670 2 1080 4152 t
10 I f
(priv)5004 4152 w
10 R f
(com-)5195 4152 w
(mand or until overridden by a later action.)7 1686 1 1080 4272 t
( s)1 2( es)1 41( ue)1 46( lu)1 52( al)1 30( va)1 46( v)1 93( r)1 2( er)1 35( te)1 46( et)1 30( me)1 46( am)1 80( ra)1 46( ar)1 35(P Pa)1 102 16 870 4440 t
(Parameter values appear in members of)5 1636 1 1080 4560 t
10 CW f
(NEEDS)2753 4560 w
10 R f
(and)3090 4560 w
10 CW f
(DOES)3271 4560 w
10 R f
( value may be surrounded by double)6 1531(lists. A)1 321 2 3548 4560 t
( of the metacharacters)3 886(quotes, in which case the value may contain white space or one)11 2572 2 1080 4680 t
10 CW f
(,;\(\))4566 4680 w
10 R f
( value may)2 444(. A)1 150 2 4806 4680 t
(contain substitution marks,)2 1095 1 1080 4800 t
10 CW f
($0)2207 4800 w
10 R f
(,)2327 4800 w
10 CW f
($1)2385 4800 w
10 R f
( such mark is replaced from the)6 1306( Each)1 257(, ...)1 133 3 2505 4800 t
10 I f
(priv)4234 4800 w
10 R f
(invocation,)4428 4800 w
10 CW f
($0)4908 4800 w
10 R f
(standing)5061 4800 w
( \256rst)1 182(for the match to the)4 790 2 1080 4920 t
10 I f
(argument)2078 4920 w
10 R f
(of the)1 231 1 2487 4920 t
10 CW f
(REQUEST)2744 4920 w
10 R f
( a star is appended to the mark \(e.g.)8 1427( If)1 117(and so on.)2 410 3 3190 4920 t
10 CW f
($0*)5195 4920 w
10 R f
(,)5375 4920 w
10 CW f
($1*)1080 5040 w
10 R f
( can follow a star)4 735( Nothing)1 389(\), the argument and all following ones are copied into the parameter list.)12 3016 3 1260 5040 t
(mark in a parameter.)3 825 1 1080 5160 t
( ng g)2 54( it ti in)3 112( di)1 30(E Ed)1 113 4 870 5328 t
( be used with action)4 819(Statements of the above forms may)5 1432 2 1080 5448 t
10 CW f
(PRIVEDIT)3361 5448 w
10 R f
(to augment a)2 526 1 3871 5448 t
10 I f
(privs)4427 5448 w
10 R f
( types)1 241(\256le. Further)1 502 2 4657 5448 t
(of statements exist for editing only:)5 1419 1 1080 5568 t
10 CW f
(RMDEFINE)1080 5736 w
10 I f
(rights-list)1593 5736 w
10 CW f
(;)2016 5736 w
10 R f
(Remove all occurences of the listed rights from the \256le.)9 2219 1 1440 5856 t
10 CW f
(RMACCESS)1080 6024 w
10 I f
(nodename pred-list)1 774 1 1593 6024 t
10 CW f
(;)2400 6024 w
(RMRIGHTS)1080 6144 w
10 I f
(nodename rights-list)1 825 1 1593 6144 t
10 CW f
(;)2451 6144 w
10 R f
( the list is empty, remove)5 1021( If)1 117(Remove the given access list or the given rights from the named node.)12 2822 3 1440 6264 t
(all access lists or rights.)4 952 1 1440 6384 t
10 CW f
(RMREQUEST\()1080 6552 w
10 I f
(arguments)1688 6552 w
10 CW f
(\))2118 6552 w
10 I f
(;)2186 6552 w
10 R f
(Remove the)1 480 1 1440 6672 t
10 CW f
(REQUEST)1945 6672 w
10 R f
(with identical)1 547 1 2390 6672 t
10 I f
(arguments.)2962 6672 w
10 CW f
(RMNODE)1080 6840 w
10 I f
(path-list)1473 6840 w
10 CW f
(;)1815 6840 w
10 R f
(Remove the listed subtrees.)3 1099 1 1440 6960 t
10 CW f
(DEFINE)1080 7128 w
10 R f
(,)1440 7128 w
10 CW f
(RMDEFINE)1490 7128 w
10 R f
(,)1970 7128 w
10 CW f
(REQUEST)2020 7128 w
10 R f
(, and)1 194 1 2440 7128 t
10 CW f
(RMREQUEST)2659 7128 w
10 R f
(are understood to modify the root.)5 1365 1 3224 7128 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 39)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 39 39
%%Page: 40 40
/saveobj save def
mark
40 pagesetup
10 R f
( \( 5 \))3 140( PRIVS)1 4116(PRIVS \( 5 \))3 424 3 720 480 t
9 R f
( S)1 2( LE ES)2 109( PL)1 57( MP)1 52( XA AM)2 149(E EX)1 122 6 720 960 t
10 CW f
(REQUEST\(session -l\))1 1140 1 1080 1080 t
(NEEDS ceiling\($2\))1 1020 1 1440 1200 t
(DOES PRIV\(nx\) EXEC\(/bin/session -l $2\);)4 2340 1 1440 1320 t
(REQUEST\(/etc/downgrade -l\))1 1560 1 1080 1440 t
(NEEDS downgrade\($2\))1 1140 1 1440 1560 t
(DOES PRIV\(nx\) EXEC\($*\);)2 1380 1 1440 1680 t
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 1848 t
10 CW f
(/etc/privs)1080 1968 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 2136 t
10 I f
(priv)1080 2256 w
10 R f
(\(1\),)1249 2256 w
10 I f
(privserv)1415 2256 w
10 R f
(\(8\))1750 2256 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 2424 t
10 R f
(There is no way to quote a newline or an initial double quote in parameters.)14 3020 1 1080 2544 t
(If an)1 196 1 1080 2664 t
10 CW f
(ACCESS)1312 2664 w
10 R f
(or)1708 2664 w
10 CW f
(RMACCESS)1827 2664 w
10 R f
(statement contains duplicate predicates,)3 1619 1 2343 2664 t
10 CW f
(RMACCESS)3998 2664 w
10 R f
( an unin-)2 379(may remove)1 507 2 4514 2664 t
(tended list.)1 439 1 1080 2784 t
( 40)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 40 40
%%Page: 41 41
/saveobj save def
mark
41 pagesetup
10 R f
( \( 5 \))3 140( SRC)1 4210(SRC \( 5 \))3 330 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(src \261 form of a stream identi\256er)6 1264 1 1080 1080 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1248 t
10 R f
(Stream identi\256ers, de\256ned in)3 1194 1 1080 1368 t
10 I f
(stream)2312 1368 w
10 R f
(\(4\), are conventionally set by)4 1219 1 2592 1368 t
10 I f
(init)3849 1368 w
10 R f
(\(8\) and)1 298 1 3991 1368 t
10 I f
(dkmgr)4327 1368 w
10 R f
(\(8\) to designate the)3 810 1 4590 1368 t
( datakit source begins with)4 1071( A)1 122(source of the login stream.)4 1062 3 1080 1488 t
10 CW f
(dk!)3360 1488 w
10 R f
(followed by a dial string.)4 1002 1 3565 1488 t
10 I f
(Session)1080 1656 w
10 R f
(\(1\) may append to the stream identi\256er of the standard input a colon and a name, which is under-)18 4012 1 1388 1656 t
(stood by)1 351 1 1080 1776 t
10 I f
(pwserv)1464 1776 w
10 R f
(\(8\) as an assertion that the agent on that stream knows the password associated with that)15 3645 1 1755 1776 t
(name, which obviates further demands for that password.)7 2287 1 1080 1896 t
9 R f
( S)1 2( LE ES)2 109( PL)1 57( MP)1 52( XA AM)2 149(E EX)1 122 6 720 2064 t
10 CW f
(dk!201/mu/attbl:doug)1080 2184 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 2352 t
10 I f
(getstsrc)1080 2472 w
10 R f
(\(3\))1399 2472 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 41)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 41 41
%%Page: 42 42
/saveobj save def
mark
42 pagesetup
10 R f
( \( 8 \))3 140( APX)1 4200(APX \( 8 \))3 340 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(apx \261 mark an open stream device trusted)7 1660 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(/etc/apx)1080 1368 w
10 R f
([)1585 1368 w
10 I f
(arg)1643 1368 w
10 R f
(])1807 1368 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 R f
( freshly opened stream device has the)6 1610(By default, a)2 549 2 1080 1656 t
10 CW f
(APX)3283 1656 w
10 R f
( If)1 135(bit cleared: it will reject all pex requests.)7 1758 2 3507 1656 t
(invoked without an argument,)3 1217 1 1080 1776 t
10 I f
(apx)2328 1776 w
10 R f
( calling the)2 454(will set the APX bit on its standard input \(by)9 1846 2 2503 1776 t
10 CW f
(FIOAPX)4833 1776 w
10 R f
(con-)5223 1776 w
( invoked without an argument the)5 1381(trol\). If)1 320 2 1080 1896 t
10 CW f
(APX)2814 1896 w
10 R f
(bit is cleared.)2 551 1 3027 1896 t
10 I f
(Apx)3636 1896 w
10 R f
(needs licence)1 542 1 3824 1896 t
10 CW f
(T_EXTERN)4399 1896 w
10 R f
( is)1 100( It)1 119(to run.)1 269 3 4912 1896 t
( at login time, provided that the source identi\256er of the standard input of the)14 3103(usually automatically invoked)2 1217 2 1080 2016 t
(login session is worthy.)3 945 1 1080 2136 t
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 2304 t
10 CW f
(/etc/privs)1080 2424 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 2592 t
10 I f
(pex)1080 2712 w
10 R f
(\(4\))1226 2712 w
( 42)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 42 42
%%Page: 43 43
/saveobj save def
mark
43 pagesetup
10 R f
( \( 8 \))3 140( CHANGES)1 3928(CHANGES \( 8 \))3 612 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(init, mount \261 changes to manual)5 1283 1 1080 1080 t
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1248 t
10 R f
(This section covers small changes in the named manual pages for IX relative to v10.)14 3369 1 1080 1368 t
( it t)2 32( ni)1 30(i in)1 80 3 870 1536 t
(In single-user operation,)2 1007 1 1080 1656 t
10 I f
(init)2129 1656 w
10 R f
(invokes)2305 1656 w
10 I f
(nosh)2658 1656 w
10 R f
(\(8\) with security label set at bottom and all capabilities; see)10 2545 1 2855 1656 t
10 I f
(getplab)1080 1776 w
10 R f
( single-user operation,)2 996( the end of)3 586(\(2\). At)1 345 3 1388 1776 t
10 I f
(init)3393 1776 w
10 R f
(invokes)3605 1776 w
10 I f
(nosh)3994 1776 w
10 R f
(to run the startup script)4 1139 1 4261 1776 t
10 CW f
(/etc/rs.nosh)1080 1896 w
10 R f
(, again with bottom label and all capabilities.)7 1796 1 1800 1896 t
(In multiuser operation,)2 917 1 1080 2064 t
10 I f
(init)2024 2064 w
10 R f
( to the a `\257oor' value, which is)7 1247(opens each terminal port with a security label set)8 1968 2 2185 2064 t
(the label of the \256le)4 749 1 1080 2184 t
10 CW f
(/etc/floor)1854 2184 w
10 R f
(.)2454 2184 w
( t)1 2( ou un nt)3 134(m mo)1 130 3 870 2352 t
(New option:)1 497 1 1080 2472 t
10 CW f
(-l)1080 2640 w
10 I f
(label)1233 2640 w
10 R f
(The)1440 2760 w
10 I f
(label,)1620 2760 w
10 R f
(speci\256ed as in)2 566 1 1870 2760 t
10 I f
(labtoa)2461 2760 w
10 R f
(\(3\), becomes the \256le system ceiling; see)6 1595 1 2725 2760 t
10 I f
(fmount)4345 2760 w
10 R f
(\(2\).)4631 2760 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 43)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 43 43
%%Page: 44 44
/saveobj save def
mark
44 pagesetup
10 R f
( \( 8 \))3 140( CL)1 4272(CL \( 8 \))3 268 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(cl, integrity \261 \256le system label check)6 1468 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(/etc/cl)1080 1368 w
10 R f
([)1525 1368 w
10 I f
(spec\256le)1583 1368 w
10 S f
(\357)1915 1368 w
10 I f
(dir)1997 1368 w
10 R f
(] ...)1 133 1 2139 1368 t
10 CW f
(/etc/integrity)1080 1536 w
10 R f
([)1945 1536 w
10 I f
(rootdir)2003 1536 w
10 R f
(])2312 1536 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1704 t
10 I f
(Cl)1080 1824 w
10 R f
( Each)1 256(examines \256le trees for correctness of labels.)6 1790 2 1207 1824 t
10 I f
(spec\256le)3285 1824 w
10 R f
( descrip-)1 354(argument names a \256le containing a)5 1430 2 3616 1824 t
( line of a)3 352( Each)1 249(tion of the labels expected in a given subtree of a \256le system.)12 2438 3 1080 1944 t
10 I f
(spec\256le)4144 1944 w
10 R f
(has the form)2 499 1 4468 1944 t
10 CW f
(filename uid,gid mode capabilities licenses label)5 2940 1 1440 2112 t
10 R f
(User and group ids are specified in the style of)9 1896 1 1080 2280 t
10 I f
(chown)3005 2280 w
10 R f
( in the style of)4 592( mode is specified)3 736(\(8\). The)1 350 3 3274 2280 t
10 I f
(chmod)4982 2280 w
10 R f
(\(2\);)5256 2280 w
( and licenses are in the style of)7 1242( Capabilities)1 530(only the 07777 bits are significant.)5 1403 3 1080 2400 t
10 I f
(atopriv)4282 2400 w
10 R f
(; see)1 182 1 4579 2400 t
10 I f
(labtoa)4788 2400 w
10 R f
(\(3\). The)1 348 1 5052 2400 t
(label is in the style of)5 858 1 1080 2520 t
10 I f
(atolab,)1963 2520 w
10 R f
(without capabilities or licenses.)3 1260 1 2269 2520 t
( lines name particular files in the tree.)7 1522( Subsequent)1 512(The first valid line names the root of the tree in question.)11 2286 3 1080 2688 t
( not match its description)4 1023(A report is made for each `suspicious' file and for each particular file which does)14 3297 2 1080 2808 t
(in)1080 2928 w
10 I f
(specfile)1183 2928 w
10 R f
(.)1496 2928 w
(A suspicious file is a file that is not named in the)11 1952 1 1080 3096 t
10 I f
(specfile)3057 3096 w
10 R f
(for which one of the following holds:)6 1493 1 3387 3096 t
(The label has flag)3 712 1 1440 3264 t
10 CW f
(L_UNDEF)2177 3264 w
10 R f
(or)2622 3264 w
10 CW f
(L_YES)2730 3264 w
10 R f
(.)3030 3264 w
(The file is a special file the label flag is)9 1572 1 1440 3384 t
10 CW f
(L_NO)3037 3384 w
10 R f
(.)3277 3384 w
(The file is not a special file the label flag is not)11 1878 1 1440 3504 t
10 CW f
(L_NO)3343 3504 w
10 R f
(.)3583 3504 w
(The lattice value of the label is not dominated by the label in the first line of)16 3041 1 1440 3624 t
10 I f
(specfile)4506 3624 w
10 R f
(.)4819 3624 w
(The capability or license is not dominated by the corresponding value in the first line of)15 3504 1 1440 3744 t
10 I f
(specfile)4969 3744 w
10 R f
(.)5282 3744 w
( argument)1 404(Each named directory)2 877 2 1080 3912 t
10 I f
(dir)2388 3912 w
10 R f
(is treated as if there were a)6 1080 1 2532 3912 t
10 I f
(specfile)3639 3912 w
10 R f
(argument consisting of just a single)5 1429 1 3971 3912 t
(line)1080 4032 w
10 I f
(dir)1440 4200 w
10 CW f
(bin,bin 666 ----- ----- 0000...)4 1860 1 1617 4200 t
10 I f
(Integrity)1440 4320 w
10 R f
(surveys the directory tree dependent from)5 1695 1 1815 4320 t
10 I f
(rootdir,)3541 4320 w
10 R f
(or)3881 4320 w
10 CW f
(/)3995 4320 w
10 R f
(if no)1 193 1 4086 4320 t
10 I f
(rootdir)4311 4320 w
10 R f
( reports)1 309( It)1 118(is given.)1 346 3 4627 4320 t
( privilege.)1 412(non-bottom labels, which are possible signs of loss of integrity \261 modification without)12 3548 2 1440 4440 t
(The search cuts off at directories with non-bottom labels.)8 2282 1 1440 4560 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 4728 t
10 I f
(getflab)1080 4848 w
10 R f
(\(2\),)1366 4848 w
10 I f
(ftw)1532 4848 w
10 R f
(\(3\),)1663 4848 w
10 I f
(lcheck)1829 4848 w
10 R f
(\(8\))2091 4848 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 5016 t
10 R f
(Extraneous diagnostics may be produced if this command is applied to active file systems.)13 3613 1 1080 5136 t
( 44)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 44 44
%%Page: 45 45
/saveobj save def
mark
45 pagesetup
10 R f
( \( 8 \))3 140( NOSH)1 4128(NOSH \( 8 \))3 412 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(nosh \261 `no-suprise' shell, a sub-standard command interpreter)7 2473 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(/etc/nosh)1080 1368 w
10 R f
([)1645 1368 w
10 I f
(file)1703 1368 w
10 R f
(])1856 1368 w
10 CW f
(priv nosh -gunxlp)2 1020 1 1080 1536 t
10 I f
(file)2125 1536 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1704 t
10 I f
(Nosh)1080 1824 w
10 R f
(executes commands read from its standard input or from the named)10 2755 1 1317 1824 t
10 I f
(file)4103 1824 w
10 R f
( advanced)1 408( has few of the)4 611(. It)1 142 3 4239 1824 t
(features of)1 434 1 1080 1944 t
10 I f
(sh)1550 1944 w
10 R f
( second usage,)2 599( the)1 158( In)1 144(\(1\), making it more trustable for use in security administration tasks.)10 2852 4 1647 1944 t
10 I f
(nosh)1080 2064 w
10 R f
(is endowed with one or more of the licenses)8 1758 1 1294 2064 t
10 CW f
(gunxlp)3077 2064 w
10 R f
(; see)1 180 1 3437 2064 t
10 I f
(labtoa)3642 2064 w
10 R f
(\(3\).)3906 2064 w
( s)1 2( nd ds)2 93( an)1 52( mm ma)2 126( om)1 80(C Co)1 119 6 870 2232 t
(A command is either)3 847 1 1080 2352 t
10 I f
(simple)1956 2352 w
10 R f
(or)2246 2352 w
10 I f
(builtin.)2358 2352 w
10 R f
( of a sequence of)4 695(Each command consists)2 968 2 2674 2352 t
10 I f
(words)4367 2352 w
10 R f
(separated by white)2 758 1 4642 2352 t
( quoting and sharp commenting are)5 1462( Backslash)1 465( of input.)2 384(space, terminated by a new-line character or end)7 2009 4 1080 2472 t
( the command name matches)4 1163( If)1 117( the command to be executed.)5 1197( first word specifies the name of)6 1286(honored. The)1 557 5 1080 2592 t
( the command name matches no builtin)6 1577( If)1 118(one of the builtins listed below it is executed in the shell process.)12 2625 3 1080 2712 t
( is taken to be the pathname of an executable file; the name must begin with)15 3157(command, it)1 507 2 1080 2832 t
10 CW f
(/)4777 2832 w
10 R f
(or)4870 2832 w
10 CW f
(.)4986 2832 w
10 R f
( new)1 199(. A)1 155 2 5046 2832 t
(process is created and an attempt is made to execute the file via)12 2533 1 1080 2952 t
10 I f
(exec)3638 2952 w
10 R f
(\(2\) with an empty environment.)4 1268 1 3822 2952 t
( on n)2 54( ti io)2 82( ec ct)2 76( re)1 46( ir)1 35( di)1 30( ed)1 52( Re)1 46( R)1 110( t)1 2( pu ut)2 82( tp)1 52( ut)1 30( Ou)1 52( -O)1 74( t-)1 35( np pu ut)3 134(I In)1 85 18 870 3120 t
( Simple)1 334(The standard input is inherited by simple commands.)7 2121 2 1080 3240 t
10 CW f
(>)3560 3240 w
10 R f
( in)1 104(output redirection to named files as)5 1412 2 3645 3240 t
10 I f
(sh)5187 3240 w
10 R f
(\(1\))5284 3240 w
(works only for simple commands, and only for file descriptors 1 \(default\) and 2.)13 3209 1 1080 3360 t
( s)1 2( nd ds)2 93( an)1 52( mm ma)2 126( om)1 80( Co)1 52( C)1 110( n)1 2( il lt ti in)4 142( ui)1 30(B Bu)1 119 11 870 3528 t
10 CW f
(cd)1080 3648 w
10 I f
(dir)1233 3648 w
10 R f
(Change the current directory to)4 1247 1 1440 3648 t
10 I f
(dir.)2712 3648 w
10 CW f
(exit)1080 3768 w
10 I f
(status)1353 3768 w
10 R f
(Exit with given status, 0 by default.)6 1422 1 1440 3888 t
10 CW f
(set +e)1 360 1 1080 4008 t
(set -e)1 360 1 1080 4128 t
10 R f
( \()1 62(Turn an ignore-error switch on)4 1242 2 1440 4248 t
10 CW f
(+e)2744 4248 w
10 R f
(, default\) or off \()4 683 1 2864 4248 t
10 CW f
(-e)3547 4248 w
10 R f
(\).)3667 4248 w
10 I f
(Nosh)3779 4248 w
10 R f
(normally ignores nonzero exit sta-)4 1386 1 4014 4248 t
(tus from an executed command, but exits with that status if)10 2362 1 1440 4368 t
10 CW f
(-e)3827 4368 w
10 R f
(is set.)1 228 1 3972 4368 t
10 CW f
(set +x)1 360 1 1080 4488 t
(set -x)1 360 1 1080 4608 t
10 R f
(Refrain from echoing \()3 917 1 1440 4728 t
10 CW f
(+x)2357 4728 w
10 R f
(, default\) or echo \()4 739 1 2477 4728 t
10 CW f
(-x)3216 4728 w
10 R f
(\) each command as it is executed.)6 1344 1 3336 4728 t
10 CW f
(lmask)1080 4848 w
10 I f
(licenses command)1 729 1 1413 4848 t
10 R f
([)2167 4848 w
10 I f
(arg)2225 4848 w
10 R f
(... ])1 133 1 2389 4848 t
( nonempty string from the set)5 1205(Run a simple command, allowing licenses indicated by a)8 2305 2 1440 4968 t
10 CW f
(gunxlp-)4980 4968 w
10 R f
(to be inherited from)3 796 1 1440 5088 t
10 I f
(nosh.)2261 5088 w
10 R f
(Normally no licenses are inherited.)4 1400 1 2500 5088 t
( s)1 2( es)1 41( re)1 46( ur)1 35( tu)1 52( ea at)2 76( fe)1 46( f)1 76( ng g)2 54( in)1 52( ss si)2 71( is)1 41(M Mi)1 119 13 870 5208 t
(Features of)1 456 1 1080 5328 t
10 I f
(sh)1571 5328 w
10 R f
(\(1\) that)1 302 1 1668 5328 t
10 I f
(nosh)2006 5328 w
10 R f
(lacks include: background commands, pipelines, compound commands, most)7 3169 1 2231 5328 t
( substitution, parameter substitution, variables, environments,)5 2513(builtins, multicharacter quotation, command)3 1807 2 1080 5448 t
( generation, redirection of input, signal traps, search paths, mail noti\256cation,)10 3189(\256le name)1 382 2 1080 5568 t
10 CW f
(.profile)4690 5568 w
10 R f
(, user)1 230 1 5170 5568 t
(speci\256cation of prompts.)2 991 1 1080 5688 t
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 5856 t
10 I f
(Nosh)1080 5976 w
10 R f
( labeled)1 317(prints nonzero exit or termination status of executed commands as octal numbers)11 3270 2 1314 5976 t
10 CW f
(e=)4930 5976 w
10 R f
(and)5079 5976 w
10 CW f
(t=)5252 5976 w
10 R f
(;)5372 5976 w
(see)1080 6096 w
10 I f
(wait)1236 6096 w
10 R f
( invoked with a)3 631(\(2\). If)1 261 2 1417 6096 t
10 I f
(\256le)2338 6096 w
10 R f
( for nonzero termination status or syn-)6 1549(argument, it exits unconditionally)3 1362 2 2489 6096 t
(tax error, and conditionally \(under control of)6 1788 1 1080 6216 t
10 CW f
(set)2893 6216 w
10 R f
(\) for nonzero exit status.)4 973 1 3073 6216 t
10 I f
(Nosh)1080 6384 w
10 R f
( more than one argument, if invoked with an argument with a rela-)12 2719(exits immediately if invoked with)4 1366 2 1315 6384 t
(tive path name, if invoked by a relative path name, or if invoked with interrupt or quit signals ignored.)18 4087 1 1080 6504 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 6672 t
10 I f
(sh)1080 6792 w
10 R f
(\(1\))1177 6792 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 45)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 45 45
%%Page: 46 46
/saveobj save def
mark
46 pagesetup
10 R f
( \( 8 \))3 140( PRIVSERV)1 3916(PRIVSERV \( 8 \))3 624 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(privserv \261 privilege server)3 1050 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(lmask nuxl /etc/privserv)2 1440 1 1080 1368 t
10 R f
([)2545 1368 w
10 I f
(option ...)1 356 1 2603 1368 t
10 R f
(])2984 1368 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 I f
(Privserv)1080 1656 w
10 R f
( keeper and interpreter of the)5 1159(is the)1 214 2 1443 1656 t
10 I f
(privs)2842 1656 w
10 R f
(\(5\) \256le.)1 295 1 3050 1656 t
10 I f
(Priv \(1\))1 314 1 3396 1656 t
10 R f
(calls on)1 309 1 3736 1656 t
10 I f
(privserv)4071 1656 w
10 R f
(to hand out privileges in)4 976 1 4424 1656 t
(accordance with the rules given in)5 1441 1 1080 1776 t
10 I f
(privs. Privserv)1 603 1 2561 1776 t
10 R f
( permanent process, normally started by the boot)7 2045(is a)1 151 2 3204 1776 t
(script)1080 1896 w
10 I f
(rc)1327 1896 w
10 R f
( receives service requests through the mounted pipe)7 2065(\(8\). It)1 252 2 1418 1896 t
10 CW f
(/cs/priv)3760 1896 w
10 R f
(. The options are)3 671 1 4240 1896 t
10 CW f
(-p)1080 2064 w
10 I f
(name)1233 2064 w
10 R f
( server,)1 298(The \256le name of the)4 820 2 1440 2184 t
10 CW f
(/etc/privserv)2588 2184 w
10 R f
(by default \(used to reinvoke the priv server when)8 2002 1 3398 2184 t
(the)1440 2304 w
10 I f
(privs)1587 2304 w
10 R f
(\(5\) \256le is modi\256ed by a)5 936 1 1795 2304 t
10 CW f
(PRIVEDIT)2756 2304 w
10 R f
(request.\))3261 2304 w
10 CW f
(-m)1080 2472 w
10 I f
(mountpt)1233 2472 w
10 R f
(The \256le system mount point for privilege service,)7 1976 1 1440 2592 t
10 CW f
(/cs/priv)3441 2592 w
10 R f
(by default.)1 427 1 3946 2592 t
10 CW f
(-l)1080 2760 w
10 I f
(logfile)1233 2760 w
10 R f
(The \256le in which to record logging information,)7 1915 1 1440 2880 t
10 CW f
(/usr/adm/privlog)3380 2880 w
10 R f
(by default.)1 427 1 4365 2880 t
10 CW f
(-f)1080 3048 w
10 I f
(privs)1233 3048 w
10 R f
(The data base of privileges,)4 1168 1 1440 3168 t
10 CW f
(/etc/privs)2650 3168 w
10 R f
( Unless)1 339(by default.)1 444 2 3292 3168 t
10 I f
(privs)4117 3168 w
10 R f
(is itself a privileged \256le,)4 1041 1 4359 3168 t
10 I f
(privserv)1440 3288 w
10 R f
(will not actually grant the privileges there speci\256ed.)7 2075 1 1792 3288 t
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 3456 t
10 CW f
(/etc/privs)1080 3576 w
(/cs/priv)1080 3696 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 105( EE E)2 59(S SE)1 107 7 720 3864 t
10 I f
(priv)1080 3984 w
10 R f
(\(1\))1249 3984 w
( 46)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 46 46
%%Page: 47 47
/saveobj save def
mark
47 pagesetup
10 R f
( \( 8 \))3 140( PWSERV)1 3994(PWSERV \( 8 \))3 546 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(pwserv \261 password veri\256cation service)4 1552 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(/etc/pwserv)1080 1368 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 I f
(Pwserv,)1080 1656 w
10 R f
(normally started from)2 885 1 1431 1656 t
10 I f
(rc)2348 1656 w
10 R f
( requests initiated by \(say\))4 1086(\(8\), handles password veri\256cation)3 1374 2 2439 1656 t
10 I f
(pwquery)4932 1656 w
10 R f
(\(3\))5284 1656 w
(through the conventional process mount point)5 1840 1 1080 1776 t
10 CW f
(/cs/pw)2946 1776 w
10 R f
( request is made a \256le descriptor \(called the)8 1735(. When a)2 359 2 3306 1776 t
(`line' below\) is passed to)4 1040 1 1080 1896 t
10 I f
(pwserv)2154 1896 w
10 R f
( Normally,)1 468( user name and an optional parameter string.)7 1844(together with a)2 617 3 2471 1896 t
10 I f
(pwserv)1080 2016 w
10 R f
( the line, reads a reply, and returns an indication of success to the invoking client.)15 3256(writes a prompt on)3 755 2 1389 2016 t
( taken from the \256le)4 784(Valid passwords are)2 819 2 1080 2136 t
10 CW f
(/etc/pwfile)2714 2136 w
10 R f
(, which lists for each user an ordinary \(encrypted,)8 2026 1 3374 2136 t
10 I f
(crypt)1080 2256 w
10 R f
( prompting, an)2 620( Before)1 338( Net Key\) challenge-response key.)4 1444(\(3\)-style\) password and an SNK \(Secure)5 1705 4 1293 2256 t
10 CW f
(FIOPX)1080 2376 w
10 R f
( user private; see)3 682(IO control is attempted to render the line to the end)10 2067 2 1407 2376 t
10 I f
(pex)4184 2376 w
10 R f
( this succeeds either)3 810(\(4\). If)1 260 2 4330 2376 t
( pri-)1 172( the pex bid fails, the prompt warns that the line is not)12 2205( If)1 120(a classical or an Atalla password is accepted.)7 1823 4 1080 2496 t
(vate, and only an SNK response is accepted.)7 1771 1 1080 2616 t
( the prompt looks like)4 986(In the pexed case)3 767 2 1080 2784 t
10 CW f
(Password\(pjw:31416\):)2885 2784 w
10 R f
(and in the unpexed case like)5 1263 1 4137 2784 t
10 CW f
(Password\(TAPPED LINE:01492\):)1 1683 1 1080 2904 t
10 R f
( digit string after the colon is the Atalla challenge string.)10 2276(The \256ve)1 333 2 2791 2904 t
( digits in the response must be)6 1271( Hex)1 226( \256ve digits of the Atalla response string are signi\256cant.)9 2277(Only the \256rst)2 546 4 1080 3024 t
(typed in lower case.)3 798 1 1080 3144 t
(Possible values of the optional parameter string are)7 2044 1 1080 3312 t
10 CW f
(pex)1080 3480 w
10 R f
( server with)2 473( the)1 173(\(speci\256ed by opening)2 862 3 1440 3480 t
10 CW f
(ipcopen\("/cs/pw!pex"\) \))1 1381 1 2974 3480 t
10 R f
(Accept passwords only if)3 1018 1 4382 3480 t
(the)1440 3600 w
10 CW f
(FIOPX)1587 3600 w
10 R f
(succeeds.)1912 3600 w
(When the line's stream identi\256er asserts previous con\256rmation of the same password,)11 3626 1 1080 3768 t
10 I f
(pwserv)4751 3768 w
10 R f
(answers)5079 3768 w
(af\256rmatively without demanding a password; see)5 1967 1 1080 3888 t
10 I f
(session)3072 3888 w
10 R f
(\(1\) and)1 285 1 3369 3888 t
10 I f
(src)3679 3888 w
10 R f
(\(5\).)3809 3888 w
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 4056 t
10 CW f
(/etc/pwserv)1080 4176 w
(/etc/pwfile)1080 4296 w
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 4464 t
10 I f
(pwquery)1080 4584 w
10 R f
(\(3\),)1432 4584 w
10 I f
(ipc)1598 4584 w
10 R f
(\(3\),)1728 4584 w
10 I f
(pex)1894 4584 w
10 R f
(\(4\),)2040 4584 w
10 I f
(stream)2206 4584 w
10 R f
(\(4\),)2486 4584 w
10 I f
(pw\256le)2652 4584 w
10 R f
(\(5\),)2899 4584 w
10 I f
(passwd)3065 4584 w
10 R f
(\(1\))3368 4584 w
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 4752 t
10 R f
(Jammable.)1080 4872 w
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 47)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 47 47
%%Page: 48 48
/saveobj save def
mark
48 pagesetup
10 R f
( \( 8 \))3 140( SYSLOG)1 4011(SYSLOG \( 8 \))3 529 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(syslog, logpr \261 system security logging)5 1567 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(priv syslog)1 660 1 1080 1368 t
10 I f
(command)1765 1368 w
10 R f
([)2178 1368 w
10 I f
(arg2)2236 1368 w
10 R f
([)2450 1368 w
10 I f
(arg3)2508 1368 w
10 R f
(] ])1 91 1 2722 1368 t
10 CW f
(/etc/logpr)1080 1536 w
10 I f
(\256le)1705 1536 w
10 R f
([)1852 1536 w
10 I f
(offset)1910 1536 w
10 R f
(])2152 1536 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1704 t
10 I f
(Syslog)1080 1824 w
10 R f
( License)1 364(controls the mandatory logging scheme.)4 1617 2 1370 1824 t
10 CW f
(T_LOG)3380 1824 w
10 R f
( variety of different com-)4 1028( The)1 210(is required.)1 453 3 3709 1824 t
( formats re\257ects the full complexity of the protean)8 2160(mands and command)2 889 2 1080 1944 t
10 I f
(syslog)4173 1944 w
10 R f
( the)1 166( In)1 152(\(2\) system call.)2 651 3 4431 1944 t
(usages given below a)3 851 1 1080 2064 t
10 I f
(mask)1956 2064 w
10 R f
(argument is a combination of letters)5 1440 1 2186 2064 t
10 CW f
(NILESDATUPX)3651 2064 w
10 R f
(, meaning:)1 422 1 4311 2064 t
10 CW f
(N)1080 2232 w
10 R f
(Record all uses of \256le names.)5 1176 1 1440 2232 t
10 CW f
(S)1080 2352 w
10 R f
(Record all seek calls.)3 848 1 1440 2352 t
10 CW f
(U)1080 2472 w
10 R f
(Record all writes to the `u area'.)6 1288 1 1440 2472 t
10 CW f
(I)1080 2592 w
10 R f
(Record all accesses of inode contents.)5 1513 1 1440 2592 t
10 CW f
(D)1080 2712 w
10 R f
(Record possession and use of \256le descriptors.)6 1817 1 1440 2712 t
10 CW f
(P)1080 2832 w
10 R f
(Record process history:)2 943 1 1440 2832 t
10 I f
(exec)2408 2832 w
10 R f
(\(2\),)2592 2832 w
10 I f
(fork)2758 2832 w
10 R f
(\(2\),)2927 2832 w
10 I f
(kill)3093 2832 w
10 R f
(\(2\),)3229 2832 w
10 I f
(exit)3395 2832 w
10 R f
(\(2\).)3547 2832 w
10 CW f
(L)1080 2952 w
10 R f
(Record all explicit changes of labels by)6 1575 1 1440 2952 t
10 I f
(set\257ab)3040 2952 w
10 R f
(\(see)3326 2952 w
10 I f
(get\257ab)3511 2952 w
10 R f
(\(2\)\) and)1 318 1 3791 2952 t
10 I f
(setplab)4134 2952 w
10 R f
(\(see)4448 2952 w
10 I f
(getplab)4633 2952 w
10 R f
(\(2\)\).)4941 2952 w
10 CW f
(A)1080 3072 w
10 R f
(Record all changes of labels.)4 1150 1 1440 3072 t
10 CW f
(X)1080 3192 w
10 R f
(Record all uses of privilege.)4 1123 1 1440 3192 t
10 CW f
(E)1080 3312 w
10 R f
(Record all)1 413 1 1440 3312 t
10 CW f
(ELAB)1878 3312 w
10 R f
(error returns.)1 520 1 2143 3312 t
10 CW f
(T)1080 3432 w
10 R f
(Record all uses of a traced \256le or process.)8 1665 1 1440 3432 t
(Valid arguments to)2 766 1 1080 3600 t
10 I f
(syslog)1871 3600 w
10 R f
(are:)2146 3600 w
10 CW f
(on)1080 3768 w
10 I f
(file logdev)1 470 1 1268 3768 t
10 R f
(Nominate)1440 3888 w
10 I f
(\256le)1881 3888 w
10 R f
( written to logging special \256le)5 1312(as repository for user generated logging records)6 2038 2 2050 3888 t
10 I f
(logdev)1440 4008 w
10 R f
(.)1714 4008 w
10 I f
(File)1790 4008 w
10 R f
( If)1 116( name, and must be openable for writing.)7 1639(must be a full path)4 748 3 1977 4008 t
10 I f
(logdev)4505 4008 w
10 R f
('s minor device)2 621 1 4779 4008 t
(number is zero,)2 632 1 1440 4128 t
10 I f
(\256le)2104 4128 w
10 R f
( \(kernel generated\) logging records.)4 1458(will also receive mandatory)3 1127 2 2258 4128 t
10 I f
(Logdev)4901 4128 w
10 R f
(may)5228 4128 w
(be a full path name or a minor device number.)9 1846 1 1440 4248 t
10 CW f
(off)1080 4368 w
10 I f
(logdev)1328 4368 w
10 R f
(Cancel the effect of an)4 902 1 1440 4488 t
10 CW f
(on)2367 4488 w
10 R f
(command.)2512 4488 w
10 CW f
(get)1080 4608 w
10 I f
(n)1328 4608 w
10 R f
(Print the value of the)4 842 1 1440 4608 t
10 I f
(n)2308 4608 w
10 R f
( of)1 110( Values)1 329( mask.)1 263(-th log)1 265 4 2366 4608 t
10 I f
(n)3360 4608 w
10 R f
(are 0, 1, 2, or 3 for the `poison' masks; 4 is `glo-)12 1963 1 3437 4608 t
(bal' mask.)1 416 1 1440 4728 t
10 CW f
(set)1080 4848 w
10 I f
(n mask)1 331 1 1328 4848 t
10 R f
(Set the value of the)4 771 1 1440 4968 t
10 I f
(n)2236 4968 w
10 R f
(-th log mask.)2 525 1 2294 4968 t
10 CW f
(fget)1080 5088 w
10 I f
(file)1388 5088 w
10 R f
(Print the poison level of)4 973 1 1440 5208 t
10 I f
(\256le)2441 5208 w
10 R f
(, one of the integers 0, 1, 2, or 3.)9 1325 1 2571 5208 t
10 I f
(File)3949 5208 w
10 R f
( a)1 73(must be the full path name of)6 1189 2 4138 5208 t
(readable \256le.)1 515 1 1440 5328 t
10 CW f
(fset)1080 5448 w
10 I f
(file n)1 254 1 1388 5448 t
10 R f
(Set the poison level of)4 894 1 1440 5568 t
10 I f
(\256le)2359 5568 w
10 R f
(to)2506 5568 w
10 I f
(n)2609 5568 w
10 R f
(.)2667 5568 w
10 I f
(File)2742 5568 w
10 R f
(must be the full path name of a readable \256le.)9 1780 1 2928 5568 t
10 CW f
(pget)1080 5688 w
10 I f
(pid)1388 5688 w
10 R f
(Print the logging mask of process)5 1341 1 1440 5808 t
10 I f
(pid)2806 5808 w
10 R f
(.)2942 5808 w
10 CW f
(pset)1080 5928 w
10 I f
(pid mask)1 409 1 1388 5928 t
10 R f
(Set the logging mask of process)5 1274 1 1440 6048 t
10 I f
(pid)2739 6048 w
10 R f
(to)2892 6048 w
10 I f
(mask)2995 6048 w
10 R f
(.)3208 6048 w
10 I f
(Logpr)1080 6216 w
10 R f
(converts to cryptic)2 763 1 1360 6216 t
9 R f
(ASCII)2156 6216 w
10 R f
( \256le described in)3 696(the cryptic binary format of a log)6 1385 2 2426 6216 t
10 I f
(log)4543 6216 w
10 R f
( optional)1 364(\(5\). The)1 357 2 4679 6216 t
(numerical byte offset tells where in the \256le printing is to start.)11 2470 1 1080 6336 t
9 R f
( S)1 2( LE ES)2 109( IL)1 57(F FI)1 82 4 720 6504 t
10 CW f
(/dev/log/log00)1080 6624 w
10 R f
(where)2040 6624 w
10 I f
(syslog)2308 6624 w
10 R f
(makes voluntary entries)2 954 1 2583 6624 t
9 R f
( O)1 2( SO)1 67( LS)1 52( AL)1 57( A)1 90( EE E)2 59(S SE)1 107 7 720 6792 t
10 I f
(syslog)1080 6912 w
10 R f
(\(2\),)1338 6912 w
10 I f
(log)1504 6912 w
10 R f
(\(4\),)1640 6912 w
10 I f
(log)1806 6912 w
10 R f
(\(5\).)1942 6912 w
9 R f
( S)1 2( CS)1 52( IC)1 62( TI)1 32( ST)1 57( AG GN NO OS)4 253( IA)1 67(D DI)1 97 8 720 7080 t
10 R f
(`Covert channel warning': the log \256le has a label that is neither top nor \257agged)14 3151 1 1080 7200 t
10 CW f
(L_NO)4256 7200 w
10 R f
(.)4496 7200 w
( 48)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 48 48
%%Page: 49 49
/saveobj save def
mark
49 pagesetup
10 R f
( \( 8 \))3 140( SYSLOG)1 4011(SYSLOG \( 8 \))3 529 3 720 480 t
9 R f
( S)1 2( UG GS)2 119(B BU)1 127 3 720 960 t
10 I f
(Logpr)1080 1080 w
10 R f
(is very primitive.)2 686 1 1350 1080 t
( 17, 1992)2 375( January)1 1689( Edition)1 320( Tenth)1 1977(Page 49)1 319 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 49 49
%%Page: 50 50
/saveobj save def
mark
50 pagesetup
10 R f
( \( 8 \))3 140( XS)1 4272(XS \( 8 \))3 268 3 720 480 t
9 R f
( E)1 2( ME)1 57(N NA AM)2 214 3 720 960 t
10 R f
(xs \261 checksums)2 627 1 1080 1080 t
9 R f
( S)1 2( IS)1 52( PS SI)2 84( YN NO OP)3 186(S SY)1 117 5 720 1248 t
10 CW f
(xs)1080 1368 w
10 R f
([ -s ] [ -k)4 354 1 1225 1368 t
10 I f
(keystring)1604 1368 w
10 R f
(] [ -f)2 182 1 1995 1368 t
10 I f
(of\256cial-list)2202 1368 w
10 R f
(])2661 1368 w
10 I f
(\256le)2719 1368 w
10 R f
(...)2849 1368 w
9 R f
( ON N)2 69( IO)1 67( TI)1 32( PT)1 57( IP)1 52( CR RI)2 94( SC)1 62( ES)1 52(D DE)1 122 9 720 1536 t
10 I f
(Xs)1080 1656 w
10 R f
(computes and reports checksums of named \256les, one report per line, in the form)13 3186 1 1205 1656 t
(filename s1 s2 s3 s4)4 805 1 1440 1824 t
( checksum algorithm may be per-)5 1369( The)1 211(where the checksum comprises four groups of four hex digits each.)10 2740 3 1080 1992 t
(turbed by specifying a)3 938 1 1080 2112 t
10 I f
(keystring)2059 2112 w
10 R f
(argument. The)1 623 1 2466 2112 t
10 CW f
(-s)3130 2112 w
10 R f
( and)1 184(argument causes the file's mode, label, owner)6 1925 2 3291 2112 t
(group to enter into the checksum calculation.)6 1800 1 1080 2232 t
(The)1080 2400 w
10 CW f
(-f)1265 2400 w
10 R f
(argument causes)1 667 1 1415 2400 t
10 I f
(xs)2112 2400 w
10 R f
( the)1 153(to verify checksums of files against values given in)8 2087 2 2225 2400 t
10 I f
(official-list)4496 2400 w
10 R f
(file, which)1 433 1 4967 2400 t
(has the format of the output of an earlier)8 1653 1 1080 2520 t
10 I f
(xs)2763 2520 w
10 R f
( groups)1 301(run: lines consisting of one file name followed by four)9 2223 2 2876 2520 t
( after a)2 276( Text)1 233(of hex digits per line.)4 852 3 1080 2640 t
10 CW f
(#)2466 2640 w
10 R f
(sign is ignored.)2 614 1 2551 2640 t
( whose checksum agrees with that of)6 1529(The checksum algorithm used is meant to be secure: to create a file)12 2791 2 1080 2808 t
(another given file is very difficult.)5 1370 1 1080 2928 t
9 R f
( S)1 2( LE ES)2 109( PL)1 57( MP)1 52( XA AM)2 149(E EX)1 122 6 720 3096 t
10 CW f
(xs -s `find /bin -print` | xs /dev/stdin)7 2400 1 1080 3216 t
10 R f
(This should return a different value if)6 1497 1 1440 3384 t
10 CW f
(/bin)2962 3384 w
10 R f
(changes in any way.)3 809 1 3227 3384 t
( 50)1 125( Page)1 1939( Edition)1 320( Tenth)1 1611(January 17, 1992)2 685 5 720 7680 t
cleartomark
showpage
saveobj restore
%%EndPage: 50 50
%%Trailer
done
%%Pages: 50
%%DocumentFonts: Courier Times-Bold Times-Italic Times-Roman Symbol