Re: Trusted Solaris

From: Rocke Robertson (rocker_at_tiger.pwgsc.gc.ca)
Date: 04/30/03

Next message: nacho: "Re: IMAP on software companion help"
Previous message: nacho: "Re: installing sasl on solaris 9"
In reply to: K Stahl: "Re: Trusted Solaris"
Next in thread: Rich Teer: "Re: Trusted Solaris"
Reply: Rich Teer: "Re: Trusted Solaris"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 30 Apr 2003 10:54:50 -0400

K Stahl wrote:

> Rich Teer wrote:
> >
> > On Wed, 30 Apr 2003, K Stahl wrote:
> >
> > > I was always under the impression that it was ideologically not possible
> > > to have a trusted version of Unix, but I recently noticed that there is
> > > such a thing as Trusted Solaris.
> >
> > Trusted SOlaris has been around for YEARS.
> >
> > > Is anyone familiar with that? If so, what compromises did they have to
> > > make in order to actually produce a trusted Unix OS? I've worked with
> > > trusted VMS in the past and with that OS the leap between the trusted
> > > form and the non-trusted form wasn't very great - mostly just a
> > > sysadmin's nightmare to make sure that all of the bases were covered for
> > > correct permissions of each login account. But with all of the various
> > > inherent security weaknesses of Unix I just don't see how various levels
> > > of access could be set up properly.
> > >

file permissions etc... dont really play a large role in trusted solaris. Its
data labels that have a sensitivity associated with them. Newer versions of
trusted Solaris have ACL's now I believe. The neat thing is that root on these
systems is pretty much meaningless, its all role based. What this means is that
a root exploit doesn't buy you much.

Mostly a bloody miserable system to administrate, but secure. Older SunOS 4.x
based trusted unix didn't have gui's or at least didn't have nice ones to
administrate (as far as I can remember) but the newer Solaris based trusted
unixes do.

~rocker

Next message: nacho: "Re: IMAP on software companion help"
Previous message: nacho: "Re: installing sasl on solaris 9"
In reply to: K Stahl: "Re: Trusted Solaris"
Next in thread: Rich Teer: "Re: Trusted Solaris"
Reply: Rich Teer: "Re: Trusted Solaris"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: What rights do users have?
... >> Let me expand on what Rich said a bit. ... >> unlike trusted solaris, root is still god. ... >privileges. ...
(comp.unix.solaris)
Re: privacy on Unix-servers
... the root user can see everything on the machine. ... There are some Unices featuring ACLs. ... of their Solaris known as "Trusted Solaris" ... data from being snooped by root is to encrypt it. ...
(comp.security.unix)