The runtime linker categorizes a process as secure if the user is not a super-user, and
either the real user and effective user identifiers are not equal, or the real group and
effective group identifiers are not equal. See getuid(2), geteuid(2), getgid(2), and
getegid(2).
The default trusted directory known to the runtime linker is /usr/lib/secure for
32-bit objects or /usr/lib/secure/64 for 64-bit objects. The utility crle(1) may be
used to specify additional trusted directories applicable for secure applications.
Administrators who use this technique should ensure that the target directories are
suitably protected from malicious intrusion.
If an LD_LIBRARY_PATH environment variable is in effect for a secure process, then
only the trusted directories specified by this variable will be used to augment the
runtime linker’s search rules.
In a secure process, any runpath specifications provided by the application or any of
its dependencies will be used, provided they are full pathnames, that is, the pathname
starts with a '/'.
In a secure process, the expansion of the $ORIGIN string is allowed only if it expands
to a trusted directory.
In a secure process, LD_SIGNAL is ignored.
Additional objects may be loaded with a secure process using the LD_PRELOAD or
LD_AUDIT environment variables. These objects must be specified as full pathnames
or simple file names. Full pathnames are restricted to known trusted directories. Simple
file names, in which no '/' appears in the name, are located subject to the search path
restrictions previously described, and thus will only resolve to known trusted
directories.
In a secure process, any dependencies that consist of simple filenames will be
processed using the pathname restrictions previously described. Dependencies that
are expressed as full or relative pathnames will be used as is. Therefore, the developer
of a secure process should ensure that the target directory referenced as a full or
relative pathname dependency is suitably protected from malicious intrusion.
When creating a secure process, it is recommended that relative pathnames not be
used to express dependencies or to construct dlopen(3DL) pathnames. This
applications.
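The following C program is an added illustration, not code from ld.so.1 or from this manual. It encodes the secure-process test and the LD_PRELOAD/LD_AUDIT pathname rules described above so that an administrator can reason about which entries a secure process would honour. It assumes that "super-user" means a real user ID of 0 and that no trusted directories beyond the two defaults have been added with crle(1); the function and enum names and the sample entries are the example's own.

```c
/* Added example: mirrors the secure-process rules of ld.so.1 for auditing.
 * Not ld.so.1's own code. Assumptions: "super-user" means real uid 0, and the
 * trusted directory list is the default one (no crle(1) additions). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Default trusted directories named in the text (assumption: none added via crle). */
static const char *const trusted_dirs[] = { "/usr/lib/secure", "/usr/lib/secure/64" };

/* Secure when the real user is not the super-user (assumed: real uid 0) and either
 * the real/effective user IDs or the real/effective group IDs differ. */
bool is_secure_process(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    if (uid == 0)
        return false;
    return uid != euid || gid != egid;
}

/* True when path is a full pathname whose directory part is exactly one of the
 * trusted directories; a file in a subdirectory of a trusted directory does not count. */
bool in_trusted_dir(const char *path)
{
    const char *slash;
    size_t dirlen, i;

    if (path[0] != '/')                 /* relative pathname */
        return false;
    slash = strrchr(path, '/');
    if (slash == path)                  /* file directly under "/" */
        return false;
    dirlen = (size_t)(slash - path);
    for (i = 0; i < sizeof trusted_dirs / sizeof trusted_dirs[0]; i++) {
        if (strlen(trusted_dirs[i]) == dirlen &&
            strncmp(trusted_dirs[i], path, dirlen) == 0)
            return true;
    }
    return false;
}

enum preload_verdict {
    PRELOAD_SIMPLE,        /* no '/': searched only in trusted directories */
    PRELOAD_TRUSTED_FULL,  /* full pathname inside a trusted directory */
    PRELOAD_REJECTED       /* relative pathname, or full pathname elsewhere */
};

/* Classify one LD_PRELOAD or LD_AUDIT entry according to the rules in the text. */
enum preload_verdict classify_preload_entry(const char *entry)
{
    if (strchr(entry, '/') == NULL)
        return PRELOAD_SIMPLE;
    if (in_trusted_dir(entry))
        return PRELOAD_TRUSTED_FULL;
    return PRELOAD_REJECTED;
}

int main(void)
{
    /* Constructed sample entries; a real audit would walk the process environment. */
    const char *samples[] = { "libfoo.so.1", "/usr/lib/secure/libfoo.so.1",
                              "/tmp/libfoo.so.1", "../lib/libfoo.so.1" };
    static const char *const names[] = { "simple name", "trusted full path", "rejected" };
    size_t i;

    printf("this process is %ssecure (uid=%u euid=%u gid=%u egid=%u)\n",
           is_secure_process(getuid(), geteuid(), getgid(), getegid()) ? "" : "not ",
           (unsigned)getuid(), (unsigned)geteuid(), (unsigned)getgid(), (unsigned)getegid());
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s -> %s\n", samples[i], names[classify_preload_entry(samples[i])]);
    return 0;
}
```

Run it under a set-user-ID binary (or compare the printed IDs with a plain invocation) to see the secure classification flip; the directory match is deliberately exact so that a world-writable subdirectory below a trusted directory never counts as trusted.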
ld.so.1(1)
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE ATTRIBUTE VALUE
Availability SUNWcsu
SEE ALSO
crle(1), gprof(1), ld(1), ldd(1), exec(2), getegid(2), geteuid(2), getuid(2),
kill(2), mmap(2), profil(2), dladdr(3DL), dlclose(3DL), dldump(3DL),
dlerror(3DL), dlopen(3DL), dlsym(3DL), proc(4), attributes(5)
Linker and Libraries Guide
NOTES
Care should be exercised when using LD_PROFILE in combination with other process
monitoring techniques (for example, users of proc(4)) as deadlock conditions can
result that leave the profile buffer locked. A locked buffer will block any processes that
try to record profiling information. To reduce this likelihood, the runtime linker’s
profile implementation determines if the process is being monitored at startup, and if
so, silently disables profiling of the process. However, this mechanism can not catch
monitoring processes that attach to the process during its execution.
The user compatibility library /usr/lib/ provides a mechanism that
establishes a value of 0 at location 0. Some applications exist that erroneously assume
a null character pointer should be treated the same as a pointer to a null string. A
segmentation violation will occur in these applications when a null character pointer
is accessed. If this library is added to such an application at runtime using
LD_PRELOAD, it provides an environment that is sympathetic to this errant behavior.
However, the user compatibility library is intended neither to enable the generation of
such applications, nor to endorse this particular programming practice.
used with the -w option). yytext[ ] is of type unsigned
char[ ].
-n Suppress the summary of statistics usually written with the -v
option. If no table sizes are specified in the lex source code and
the -v option is not specified, then -n is implied.
-t Write the resulting program to standard output instead of
lex.yy.c.
-v Write a summary of lex statistics to the standard error. (See the
discussion of lex table sizes under the heading Definitions in
lex.) If table sizes are specified in the lex source code, and if the
-n option is not specified, the -v option may be enabled.
-w Generate a program that can handle EUC characters (cannot be
used with the -e option). Unlike the -e option, yytext[ ] is of
type wchar_t[ ].
-V Print out version information on standard error.
-Q[y|n] Print out version information to output file lex.yy.c by using
-Qy. The -Qn option does not print out version information and is
the default.
The following operand is supported:
file A pathname of an input file. If more than one such file is specified, all
files will be concatenated to produce a single lex program. If no file
operands are specified, or if a file operand is −, the standard input will be
used.
If the -t option is specified, the text file of C source code output of lex will be written
to standard output.
If the -t option is specified, informational, error and warning messages concerning the
contents of lex source code input will be written to the standard error.
lex(1)
During pattern matching, lex searches the set of patterns for the single longest
possible match. Among rules that match the same number of characters, the rule given
first will be chosen.
The general format of lex source is:
Definitions
%%
Rules
%%
User Subroutines
The first %% is required to mark the beginning of the rules (regular expressions and
actions); the second %% is required only if user subroutines follow.
Any line in the Definitions in lex section beginning with a blank character will be
assumed to be a C program fragment and will be copied to the external definition area
of the lex.yy.c file. Similarly, anything in the Definitions in lex section
included between delimiter lines containing only %{ and %} will also be copied
unchanged to the external definition area of the lex.yy.c file.
Any such input (beginning with a blank character or within %{ and %} delimiter lines)
appearing at the beginning of the Rules section before any rules are specified will be
written to lex.yy.c after the declarations of variables for the yylex function and
before the first line of code in yylex. Thus, user variables local to yylex can be
declared here, as well as application code to execute upon entry to yylex.
The action taken by lex when encountering any input beginning with a blank
character or within %{ and %} delimiter lines appearing in the Rules section but
coming after one or more rules is undefined. The presence of such input may result in
an erroneous definition of the yylex function.
Definitions in lex
688 man pages section 1: User Commands • Last Revised 22 Aug 1997
extern char yytext[]
If %pointer is specified, then the correct external reference is of the form:
extern char *yytext;
lex will accept declarations in the Definitions in lex section for setting certain
internal table sizes. The declarations are shown in the following table.
Table Size Declaration in lex
Declaration  Description                         Default
%p n         Number of positions                 2500
%n n         Number of states                    500
%a n         Number of transitions               2000
%e n         Number of parse tree nodes          1000
%k n         Number of packed character classes  10000
%o n         Size of the output array            3000
Programs generated by lex need either the -e or -w option to handle input that
contains EUC characters from supplementary codesets. If neither of these options is
specified, yytext is of the type char[ ], and the generated program can handle only
ASCII characters.
When the -e option is used, yytext is of the type unsigned char[ ] and yyleng
gives the total number of bytes in the matched string. With this option, the macros
input(), unput(c), and output(c) should do a byte-based I/O in the same way as
with the regular ASCII lex. Two more variables are available with the -e option,
yywtext and yywleng, which behave the same as yytext and yyleng would under
the -w option.
When the -w option is used, yytext is of the type wchar_t[ ] and yyleng gives
the total number of characters in the matched string. If you supply your own input(),
unput(c), or output(c) macros with this option, they must return or accept EUC
characters in the form of wide character (wchar_t). This allows a different interface
between your program and the lex internals, to expedite some programs.
The regular expression r will be matched only when the program is in one of the
start conditions indicated by state, state1, and so forth; for more information see
Actions in lex. (As an exception to the typographical conventions of the rest of
this document, in this case <state> does not represent a metavariable, but the literal
angle-bracket characters surrounding a symbol.) The start condition is recognized
as such only at the beginning of a regular expression.
r/x
The regular expression r will be matched only if it is followed by an occurrence of
regular expression x. The token returned in yytext will only match r. If the trailing
portion of r matches the beginning of x, the result is unspecified. The r expression
cannot include further trailing context or the $ (match-end-of-line) operator; x
cannot include the ^ (match-beginning-of-line) operator, nor trailing context, nor
the $ operator. That is, only one occurrence of trailing context is allowed in a lex
regular expression, and the ^ operator only can be used at the beginning of such an
expression. A further restriction is that the trailing-context operator / (slash) cannot
be grouped within parentheses.
{name}
When name is one of the substitution symbols from the Definitions section, the
string, including the enclosing braces, will be replaced by the substitute value. The
substitute value will be treated in the extended regular expression as if it were
enclosed in parentheses. No substitution will occur if {name} occurs within a
bracket expression or within double-quotes.
Within an ERE, a backslash character (\\, \a, \b, \f, \n, \r, \t, \v) is
considered to begin an escape sequence. In addition, the escape sequences in the
... The character whose encoding is represented by the hexadecimal integer.
\c A backslash character followed by any character not described in this table
(\\, \a, \b, \f, \n, \r, \t, \v). The character c, unchanged.
The order of precedence given to extended regular expressions for lex is as shown in
the following table, from high to low.
Note: The escaped characters entry is not meant to imply that these are operators,
but they are included in the table to show their relationships to the true
operators. The start condition, trailing context and anchoring notations
have been omitted from the table because of the placement restrictions
described in this section; they can only appear at the beginning or ending
of an ERE.
ERE Precedence in lex
collation-related bracket symbols [= =] [: :] [. .]
escaped characters \<special character>
bracket expression []
quoting " "
grouping ()
definition {name}
single-character RE duplication *+?
concatenation
interval expression {m,n}
alternation |
xx, is returned by some implementations because xxx matches x*.
In the rule ab*/bc, the b* at the end of r will extend r’s match into the beginning of the
trailing context, so the result is unspecified. If this rule were ab/bc, however, the rule
matches the text ab when it is followed by the text bc. In this latter case, the matching
of r cannot extend into the beginning of x, so the result is specified.
The action to be taken when an ERE is matched can be a C program fragment or the
special actions described below; the program fragment can contain one or more C
statements, and can also include special actions. The empty C statement ; is a valid
action; any string in the lex.yy.c input that matches the pattern portion of such a
rule is effectively ignored or skipped. However, the absence of an action is not valid,
and the action lex takes in such a condition is undefined.
The specification for an action, including C statements and special actions, can extend
across several lines if enclosed in braces:
ERE <one or more blanks> { program statement
program statement }
The default action when a string in the input to a lex.yy.c program is not matched
by any expression is to copy the string to the output. Because the default behavior of a
program generated by lex is to read the input and copy it to the output, a minimal
lex source program that has just %% generates a C program that simply copies the
input to the output unchanged.
Four special actions are available:
| ECHO; REJECT; BEGIN
| The action | means that the action for the next rule is the action for
this rule. Unlike the other three actions, | cannot be enclosed in
braces or be semicolon-terminated; it must be specified alone, with
no other actions.
ECHO; Write the contents of the string yytext on the output.
REJECT; Usually only a single expression is matched by a given string in
the input. REJECT means "continue to the next expression that
matches the current input," and causes whatever rule was the
of yytext rather than replacing it; the value in yyleng is
adjusted accordingly.
int yyless(int n) Retains n initial characters in yytext, NUL-terminated,
and treats the remaining characters as if they had not
been read; the value in yyleng is adjusted accordingly.
int input(void) Returns the next character from the input, or zero on
end-of-file. It obtains input from the stream pointer
yyin, although possibly via an intermediate buffer.
Thus, once scanning has begun, the effect of altering
the value of yyin is undefined. The character read is
removed from the input stream of the scanner without
any processing by the scanner.
int unput(int c) Returns the character c to the input; yytext and yyleng
are undefined until the next expression is matched. The
result of using unput for more characters than have
been input is unspecified.
The following functions appear only in the lex library accessible through the -l l
operand; they can therefore be redefined by a portable application:
int yywrap(void)
Called by yylex at end-of-file; the default yywrap always will return 1. If the
application requires yylex to continue processing with another source of input,
then the application can include a function yywrap, which associates another file
with the external variable FILE *yyin and will return a value of zero.
int main(int argc, char *argv[])
Calls yylex to perform lexical analysis, then exits. The user code can contain main
to perform application-specific operations, calling yylex as applicable.
The reason for breaking these functions into two lists is that only those functions in
libl.a can be reliably redefined by a portable application.
EXAMPLE 1 Using lex (Continued)
printf("An integer: %s (%d)\n", yytext,
atoi(yytext));
}
{DIGIT}+"."{DIGIT}* {
printf("A float: %s (%g)\n", yytext,
atof(yytext));
}
if|then|begin|end|procedure|function {
printf("A keyword: %s\n", yytext);
}
{ID} printf("An identifier: %s\n", yytext);
"+"|"-"|"*"|"/" printf("An operator: %s\n", yytext);
"{"[^}\n]*"}" /* eat up one-line comments */
[ \t\n]+ /* eat up white space */
. printf("Unrecognized character: %s\n", yytext);
%%
int main(int argc, char *argv[])
{
++argv, --argc; /* skip over program name */
if (argc > 0)
yyin = fopen(argv[0], "r");
else
yyin = stdin;
yylex();
return 0;
}
ulimit [-HSacdfnstv] [limit]
The ulimit utility sets or reports the file-size writing limit imposed on files written
by the shell and its child processes (files of any size may be read). Only a process with
appropriate privileges can increase the limit.
The Bourne shell built-in function, ulimit, prints or sets hard or soft resource limits.
These limits are described in getrlimit(2).
If limit is not present, ulimit prints the specified limits. Any number of limits may be
printed at one time. The -a option prints all limits.
If limit is present, ulimit sets the specified limit to limit. The string unlimited
requests the largest valid limit. Limits may be set for only one resource at a time. Any
user may set a soft limit to any value below the hard limit. Any user may lower a hard
limit. Only a super-user may raise a hard limit; see su(1M).
The -H option specifies a hard limit. The -S option specifies a soft limit. If neither
option is specified, ulimit will set both limits and print the soft limit.
The following options specify the resource whose limits are to be printed or set. If no
option is specified, the file size limit is printed or set.
-c maximum core file size (in 512-byte blocks)
-d maximum size of data segment or heap (in kbytes)
-f maximum file size (in 512-byte blocks)
-n maximum file descriptor plus 1
-s maximum size of stack segment (in kbytes)
-t maximum CPU time (in seconds)
-v maximum size of virtual memory (in kbytes)
limit(1)
do this.
The Korn shell built-in function, ulimit, sets or displays a resource limit. The
available resources limits are listed below. Many systems do not contain one or more
of these limits. The limit for a specified resource is set when limit is specified. The
value of limit can be a number in the unit specified below with each resource, or the
value unlimited. The -H and -S flags specify whether the hard limit or the soft limit
for the given resource is set. A hard limit cannot be increased once it is set. A soft limit
can be increased up to the value of the hard limit. If neither the -H or -S options is
specified, the limit applies to both. The current resource limit is printed when limit is
omitted. In this case, the soft limit is printed unless -H is specified. When more than
one resource is specified, then the limit name and unit is printed before the value.
-a Lists all of the current resource limits.
-c The number of 512-byte blocks on the size of core dumps.
-d The number of K-bytes on the size of the data area.
-f The number of 512-byte blocks on files written by child processes (files of
any size may be read).
-n The number of file descriptors plus 1.
-s The number of K-bytes on the size of the stack area.
-t The number of seconds (CPU time) to be used by each process.
-v The number of K-bytes for virtual memory.
If no option is given, -f is assumed.
The following option is supported by ulimit:
-f Set (or report, if no blocks operand is present), the file size limit in blocks.
The -f option is also the default case.
The following operand is supported by ulimit:
blocks The number of 512-byte blocks to use as the new file size limit.
To limit the size of a core dump file to 0 kilobytes:
% limit coredumpsize 0
% limit
cputime unlimited
filesize unlimited
datasize 523256 kbytes
stacksize 8192 kbytes
coredumpsize 0 kbytes
descriptors 64
memorysize unlimited
EXAMPLE 4 Removing the limitation for core file size
To remove the above limitation for the core file size:
% unlimit coredumpsize
% limit
cputime unlimited
filesize unlimited
datasize 523256 kbytes
stacksize 8192 kbytes
coredumpsize unlimited
descriptors 64
memorysize unlimited
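The shell built-ins above sit on getrlimit(2) and setrlimit(2). The following C program is an added example, not part of this manual, showing the same soft/hard semantics the ksh text describes and the same "coredumpsize 0" hardening as Examples 3 and 4: a soft limit may be set anywhere up to the hard limit, a request above the hard limit is refused, and a lowered hard limit cannot be raised again by an unprivileged process. It assumes a POSIX system where RLIMIT_CORE is counted in bytes while the shell reports 512-byte blocks; the function names are the example's own.

```c
/* Added example (not from the man page): core-file limits from C via
 * getrlimit(2)/setrlimit(2). Assumption: POSIX semantics, RLIMIT_CORE in bytes. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

#define BLOCK_BYTES 512  /* the unit in which ulimit -c / limit coredumpsize report */

/* Set both core-file limits. Returns 0 on success, otherwise the errno value:
 * EINVAL when soft exceeds hard, EPERM when an unprivileged process tries to
 * raise the hard limit. */
int set_core_limits(rlim_t soft, rlim_t hard)
{
    struct rlimit rl;
    rl.rlim_cur = soft;
    rl.rlim_max = hard;
    return setrlimit(RLIMIT_CORE, &rl) == 0 ? 0 : errno;
}

/* Read back both limits. Returns 0 on success, otherwise the errno value. */
int get_core_limits(rlim_t *soft, rlim_t *hard)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return errno;
    *soft = rl.rlim_cur;
    *hard = rl.rlim_max;
    return 0;
}

/* The C equivalent of "limit coredumpsize 0". With lock_hard the hard limit is
 * pinned to 0 as well, so neither this process nor its children can re-enable
 * core files without privilege (core files can leak secrets held in memory). */
int disable_core_dumps(bool lock_hard)
{
    rlim_t soft, hard;
    int err = get_core_limits(&soft, &hard);
    if (err != 0)
        return err;
    return set_core_limits(0, lock_hard ? 0 : hard);
}

/* Convert a byte limit to the shell's 512-byte block count; RLIM_INFINITY stays as is. */
rlim_t bytes_to_blocks(rlim_t bytes)
{
    return bytes == RLIM_INFINITY ? RLIM_INFINITY : bytes / BLOCK_BYTES;
}

int main(void)
{
    rlim_t soft, hard;
    int err;

    disable_core_dumps(true);
    get_core_limits(&soft, &hard);
    printf("coredumpsize soft=%llu hard=%llu blocks\n",
           (unsigned long long)bytes_to_blocks(soft),
           (unsigned long long)bytes_to_blocks(hard));

    /* Like "unlimit coredumpsize" after the hard limit was lowered: refused
     * with EPERM unless the process has appropriate privileges. */
    err = set_core_limits(RLIM_INFINITY, RLIM_INFINITY);
    printf("raising the hard limit again: %s\n",
           err == 0 ? "allowed (privileged process)" : strerror(err));
    return 0;
}
```

Because the limit is inherited by child processes, calling disable_core_dumps(true) early in a service that handles key material protects every helper it spawns as well; a soft limit alone (lock_hard false) documents intent but can be undone by any child.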
See environ(5) for descriptions of the following environment variables that affect the
execution of ulimit: LC_CTYPE, LC_MESSAGES, and NLSPATH.
The following exit values are returned by ulimit:
0 Successful completion.
>0 A request for a higher limit was rejected or an error occurred.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE ATTRIBUTE VALUE
Availability SUNWcsu
bc(1), csh(1), ksh(1), sh(1), df(1M), su(1M), swap(1M), sysdef(1M), getrlimit(2),
lint – C program verifier
/usr/ucb/lint [options]
/usr/ucb/lint is the interface to the BSD Compatibility Package C program
verifier. It is a script that looks for the link /usr/ccs/bin/ucblint to the C
program verifier. /usr/ccs/bin/ucblint is available only with the SPROcc
package, whose default location is /opt/SUNWspro. /usr/ucb/lint is identical to
/usr/ccs/bin/ucblint, except that BSD headers are used and BSD libraries are
linked before base libraries. The /opt/SUNWspro/man/man1/lint.1 man page is
available only with the SPROcc package.
/usr/ucb/lint accepts the same options as /usr/ccs/bin/ucblint, with the
following exceptions:
-Idir Search dir for included files whose names do not begin with a
slash ( / ) prior to searching the usual directories. The directories
for multiple -I options are searched in the order specified. The
preprocessor first searches for #include files in the directory
containing sourcefile, and then in directories named with -I
options (if any), then /usr/ucbinclude, and finally, in
/usr/include.
-Ldir Add dir to the list of directories searched for libraries by
/usr/ccs/bin/ucblint. This option is passed to
/usr/ccs/bin/ld. Directories specified with this option are
searched before /usr/ucblib and /usr/lib.
-Y P, dir Change the default directory used for finding libraries.
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
/usr/lint/bin/ld link editor
/usr/lib/libc C library
/usr/ucbinclude BSD Compatibility directory for header files
/usr/ucblib BSD Compatibility directory for libraries
-l [device] Lists the pathname(s) of the device special files associated with the
device that are allocatable to the current process. If device is given,
lists only the files associated with the specified device.
-n [device] Lists the pathname(s) of device special files associated with the
device that are allocatable to the current process but are not
currently allocated. If device is given, lists only the files associated
with that device.
-s Silent. Suppresses any diagnostic output.
-u [device] Lists the pathname(s) of device special files, associated with the
device that are allocated to the owner of the current process. If
device is given, list only the files associated with that device.
-U uid Uses the user ID uid instead of the real user ID of the current
process when performing the list_devices operation. Only a
user with the solaris.devices.revoke authorization can use
this option.
list_devices(1)
EXIT STATUS
The following exit values are returned:
non-zero An error occurred.
FILES
/etc/security/device_allocate
/etc/security/device_maps
/etc/security/dev/*
/usr/security/lib/*
ATTRIBUTES
See attributes(5) for descriptions of the following attributes: