set system privileges for this process
cc . . . -lprot
int setpriv (privtype, privs)
The setpriv routine sets the system privilege vector for the current process to
that in the user-supplied privs vector.
This vector should have at least SEC_SPRIVVEC_SIZE (a system constant)
The privtype argument may only contain the privilege type
SEC_EFFECTIVE_PRIV (another system constant).
At system initialization, all privileges are included.
System privileges are inherited by all children of any process; children must
call the setpriv routines
themselves to further restrict system privileges.
The system privilege vector contains per-process
privileges used by the TCB.
The following system privileges are defined:
With this privilege, the process can output the string to set or
change the terminal label, or otherwise modify the field where the
terminal label resides.
Without this privilege, the sequence to set the terminal label is intercepted
by the system and altered to a harmless (to the label field) sequence.
Allow a SUID program to access any pathname, subject to the normal
discretionary access checking.
Without this privilege, a SUID program, after invoking
to change identity from the program owner to the real user,
may only access a pathname (restricted to the real user) in
or under the current directory.
Path names above the current directory are only accessible if the program
owner may access them.
Changing the current directory has no effect on this, for the current
directory at the time of the SUID
program execution (called the promain root) is remembered.
Open files continue to be accessible, no matter how they were opened.
Until this privilege was devised, a user had no protection against
errant or malicious SUID programs.
The privilege provides a means for the process to restrict the environment
used by the SUID program, so that the program owner cannot usurp files
owned by the real UID.
With this privilege off, the user may run a SUID program with the
current directory the root of a subtree that contains no important
Any attempt to access a pathname above the current directory
returns an error of [ENOENT].
This mechanism prevents many kinds of Trojan horses from SUID
programs, where the SUID program uses the
call to assign the effective UID to the real UID
so that files inaccessible to the prior effective UID
become accessible, all
done without the knowledge or consent of the session user.
The process does its own auditing.
The system does not produce audit records for this process.
Allow a program to set the SUID or SGID bits on a file.
Turning this privilege off prevents a new user from accidentally
propagating his identity.
Turning this privilege off and running an untrusted program prevents that
program from secretly creating a file owned by you (like a copy of
and setting the SUID bit so that it can run as you unrestricted.
There are other similar uses.
Allow a program to give a file away (either the user or group).
This privilege is needed for a user to execute the System V
Without this privilege, a user operates with the
semantics of BSD, where a normal user cannot give a file away.
The process may execute SUID programs.
Without this privilege, the process cannot execute any SUID
program not set to the same process owner.
Upon successful completion, the setpriv
routine returns a value of zero.
If the routine fails, a value of -1 is returned and
errno is set to indicate the appropriate error.
If one of the following conditions occurs, the setpriv
routine fails and
errno is set to the corresponding value:
privs points to an invalid address.
privs has more privileges set than what the process has currently.
privtype is not set to SEC_EFFECTIVE_PRIV.
The setpriv routine is an extension of AT&T System V
provided by the Santa Cruz Operation.
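An added illustration, not SCO code and not part of the original manual page: a small user-space C model of the rule that a process may only shrink its privilege vector and that children inherit the shrunken vector. The MODEL_ and model_ names, the two-word vector and privilege bit 3 are constructed for the example; the real vector type and privilege constants come from the system headers.

```c
/* Added example: a user-space model of the rule, not the SCO implementation.
 * Every MODEL_/model_ name, the vector size and bit numbers are constructed. */
#include <stddef.h>
#include <string.h>
#include <limits.h>

#define MODEL_VEC_WORDS 2   /* stand-in for SEC_SPRIVVEC_SIZE (real value not shown) */
#define MODEL_EFFECTIVE 1   /* stand-in for SEC_EFFECTIVE_PRIV */
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)

enum model_err { M_OK, M_BADADDR, M_BADTYPE, M_EXCEEDS };
struct model_proc { unsigned long privs[MODEL_VEC_WORDS]; };

/* "At system initialization, all privileges are included." */
void model_init(struct model_proc *p) { memset(p->privs, 0xff, sizeof p->privs); }

/* Children inherit the parent's vector as it is at fork time. */
struct model_proc model_fork(const struct model_proc *parent) { return *parent; }

int model_has(const struct model_proc *p, unsigned bit) {
    if (bit >= MODEL_VEC_WORDS * WORD_BITS) return 0;
    return (int)((p->privs[bit / WORD_BITS] >> (bit % WORD_BITS)) & 1UL);
}

/* Clear one privilege bit in a caller-held copy of a vector. */
void model_clear(unsigned long *vec, unsigned bit) {
    if (bit < MODEL_VEC_WORDS * WORD_BITS)
        vec[bit / WORD_BITS] &= ~(1UL << (bit % WORD_BITS));
}

/* Install the requested vector only if it is a subset of the current one. */
enum model_err model_setpriv(struct model_proc *p, int privtype,
                             const unsigned long *privs) {
    size_t i;
    if (privs == NULL) return M_BADADDR;               /* invalid address */
    if (privtype != MODEL_EFFECTIVE) return M_BADTYPE; /* only effective type */
    for (i = 0; i < MODEL_VEC_WORDS; i++)
        if (privs[i] & ~p->privs[i]) return M_EXCEEDS; /* bit not currently held */
    memcpy(p->privs, privs, sizeof p->privs);
    return M_OK;
}

int main(void) {
    struct model_proc parent, child;
    unsigned long want[MODEL_VEC_WORDS], all[MODEL_VEC_WORDS];
    model_init(&parent);
    memcpy(want, parent.privs, sizeof want);
    memset(all, 0xff, sizeof all);
    model_clear(want, 3);                    /* drop constructed privilege 3 */
    if (model_setpriv(&parent, MODEL_EFFECTIVE, want) != M_OK) return 1;
    child = model_fork(&parent);
    /* The child cannot regain what the parent dropped. */
    return model_setpriv(&child, MODEL_EFFECTIVE, all) == M_EXCEEDS ? 0 : 1;
}
```

A rejected request leaves the vector unchanged, so a failed attempt to widen privileges has no partial effect in this model.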
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003