Trusted Solaris Administrator's Procedures

Evaluating a Program for Security

The security administrator is responsible for testing and evaluating new software. When your site wants to add an existing program to a Trusted Solaris environment, whether it is an application written outside your organization, a Solaris software program, or a program written in house, the security administrator makes the final determination. Part of the determination is technical, and part depends on site policy and procedures.

  1. Find out if the application runs without changes in the Trusted Solaris environment.

    If it runs without privilege or any modification, the System Administrator role can install the application.

  2. If the program fails to run, find out why.

    Some software packages and third-party applications written for the Solaris environment cannot run because of modifications made to the Trusted Solaris operating environment to enforce security policy. For example, software that links with the kernel may be incompatible with the kernel data structures that Trusted Solaris has modified. For similar reasons, loadable device drivers and other software may not be able to operate in the environment unless changes are made to the code.

    If the program does not rely on aspects of the Solaris operating environment that have been modified for the Trusted Solaris environment, but it fails without privileges, find out what privileges or other attributes it needs.

  3. If the program does require the use of privilege, assess whether the program will use its privileges in a trustworthy manner. See "Considering When to Add Privilege".

    If the program cannot use its privileges in a trustworthy manner and it cannot be modified, do not make it available.

  4. If the program can safely run with the privileges or other security attributes in a manner that does not violate security policy, you may then assign the required privileges as described in "Assigning Inheritable Privileges to a Command or Action".

    If you make privileges available to a program, you need to make sure that any libraries used by the program are identified as trusted. See "Making Libraries Trusted".

  5. If you can modify the program's source code, a security consultant or programmer knowledgeable about security can modify the code.

    These modifications might include privilege bracketing or adding code that makes the program aware of the Trusted Solaris security policy. You may then add privileges and trusted libraries. See "Making Libraries Trusted".