Earlier, we talked about the security issues of looking at system crash dumps. The live, running system also needs to be protected. The kernel image and the contents of memory are considered vital, and looking at memory could get around any permissions that might otherwise prevent you from looking at data on the system, so the kernel and memory files are restricted. By default, only root can adb the live, running kernel. On Solaris 1 systems, regular nonroot users who are added to group 2, the kmem group in the /etc/group file, may adb the running kernel. On Solaris 2, there is no special group that allows nonroot users to inspect and modify the kernel.
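To review who holds that access on a Solaris 1 system, the following added example (not part of the original text) lists every nonroot account in group 2, whether it is named in the group's member list or has 2 as its primary GID in the passwd file. The function name `kmem_nonroot` and the sample group and passwd contents are constructed for illustration; only the standard colon-separated file formats are assumed.

```shell
#!/bin/sh
# Audit nonroot membership of the kmem group (GID 2 on Solaris 1, per the text).
KMEM_GID=2

# kmem_nonroot GROUP_FILE PASSWD_FILE
# Prints, one per line and sorted, every login that is in the kmem group
# and does not have UID 0. Logins named in the group file but missing from
# the passwd file are still reported so stale entries get noticed.
kmem_nonroot() {
    awk -F: -v gid="$KMEM_GID" '
        # First file (passwd): login:password:uid:gid:gecos:home:shell
        FNR == NR {
            uid[$1] = $3
            if ($4 == gid) member[$1] = 1      # primary group is kmem
            next
        }
        # Second file (group): name:password:gid:user1,user2,...
        $3 == gid {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") member[m[i]] = 1
        }
        END {
            for (u in member)
                if (!((u in uid) && uid[u] + 0 == 0)) print u
        }
    ' "$2" "$1" | sort
}

# Constructed sample files, not taken from a real system.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/group" <<'EOF'
wheel:*:0:
daemon:*:1:
kmem:*:2:alice,opsmon
staff:*:10:alice,bob
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:*:0:1:Operator:/:/bin/csh
alice:*:101:10:Alice:/home/alice:/bin/csh
bob:*:102:10:Bob:/home/bob:/bin/csh
carol:*:103:2:Carol:/home/carol:/bin/csh
toor:*:0:2:Alternate root:/:/bin/sh
EOF

kmem_nonroot "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd"
```

On a real host, pass `/etc/group` and `/etc/passwd` instead of the sample files.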