Re: Security around Solaris 10 zones
From: Casper H.S. Dik (Casper.Dik_at_Sun.COM)
Date: 02/24/05
- In reply to: Peter Penn: "Re: Security around Solaris 10 zones"
Date: 23 Feb 2005 23:19:35 GMT
Peter Penn <zen25686@zen.co.uk> writes:
>This is interesting, thanks Casper. Do you know if details and/or
>results of this hackathon were ever, or could be, published?
Well, one of the results was that rather than putting more
bandaids on bug 4729683, we decided to fix it properly.
We, of course, had complete source which made hacking much
easier but specifically much quicker; in the end you assume
that your opponent has full knowledge; having engineers who
already understand much of the system from the outset and
who have access to all changes made for zones made the hack fest
fast and furious.
And of course there were holes; there were some remaining
trust relations between the automount daemon and the kernel
so I dropped in a replacement automount daemon which abused
that trust relationship.
>Did you manage to break any of the security controls around zones and
>would you feel confident in putting them into sensitive production
>environments (defence, health, finance etc.) or confine them to
>development/test environments and less sensitive prod environs, leaving
>security conscious services on a resource managed domains platform?
I think that it's a pretty solid product after we'd given it a good
whack; the resource management picture isn't complete so one
zone can seriously affect others.
Personally, I do feel it certainly holds up to commercial
separation requirements such as required by recent legislation.
We trust it enough to build Trusted Solaris on.
Casper
-- Expressed in this posting are my opinions. They are in no way related to opinions held by my employer, Sun Microsystems. Statements on Sun products included here are not gospel and may be fiction rather than truth.