Trusted Solaris Administrator's Procedures

Cooperating to Create a Trusted Program

Even though a program's developer can manipulate privilege sets in the program's source code, if the Security Administrator role does not assign the required privileges, the program will fail. The developer and security administrator cooperate when creating trusted programs.

Developer's Responsibilities

A developer who writes a program to be added to a Trusted Solaris environment must do the following:

  1. Understand whether the program requires privileges to do its work.

  2. Know and follow techniques, such as privilege bracketing, for safely using privileges in programs.

  3. Be aware of the security implications when assigning privileges to a program and make sure that the program does not violate security policy.

  4. Compile using shared libraries linked to the program from a trusted directory.

    See the Trusted Solaris Developer's Guide for additional guidelines and examples of using privileges in programs.

The following is an added example, not code from this guide or from the Trusted Solaris API: a portable C model of privilege bracketing (step 2 above). The names model_priv_on, model_priv_off, PRIV_MODEL_* and the two privilege sets are hypothetical stand-ins so the pattern compiles anywhere; it also shows the outcome described at the top of this section, where the program's own bracketing code fails when the Security Administrator role has not assigned the privilege.

```c
#include <errno.h>
#include <stdio.h>

/* Added example: a portable model of privilege bracketing. It does NOT use
 * the Trusted Solaris privilege API; model_priv_on, model_priv_off and the
 * PRIV_MODEL_* values are hypothetical stand-ins for the pattern. */

typedef unsigned int priv_set_model_t;

#define PRIV_MODEL_FILE_DAC_READ  (1u << 0)  /* constructed: read-override privilege */
#define PRIV_MODEL_FILE_DAC_WRITE (1u << 1)  /* constructed: write-override privilege */

struct proc_privs {
    priv_set_model_t permitted;  /* assigned by the Security Administrator role */
    priv_set_model_t effective;  /* what the program has actually turned on */
};

/* Turn a privilege on in the effective set. Refused (EPERM) unless the
 * administrator placed it in the permitted set: this is the failure the
 * text describes when developer and administrator do not cooperate. */
int model_priv_on(struct proc_privs *p, priv_set_model_t priv)
{
    if ((p->permitted & priv) != priv) {
        errno = EPERM;
        return -1;
    }
    p->effective |= priv;
    return 0;
}

/* Turn a privilege off in the effective set; it stays permitted, so it can
 * be raised again for the next bracketed operation. */
void model_priv_off(struct proc_privs *p, priv_set_model_t priv)
{
    p->effective &= ~priv;
}

/* Outcome of one bracketed operation, so a caller can check it. */
struct bracket_result {
    int ok;                 /* 1 if the privileged operation ran, 0 if refused */
    int err;                /* errno when refused, else 0 */
    int held_during;        /* 1 if the privilege was in force inside the bracket */
    priv_set_model_t after; /* effective set after the bracket closed */
};

/* Privilege bracketing: raise the one privilege needed, do the minimal
 * privileged work, drop it again before doing anything else. */
struct bracket_result read_protected_file_bracketed(struct proc_privs *p)
{
    struct bracket_result r = {0, 0, 0, 0};

    if (model_priv_on(p, PRIV_MODEL_FILE_DAC_READ) != 0) {
        r.err = errno;          /* fail closed rather than continue unprivileged */
        r.after = p->effective;
        return r;
    }
    /* ---- privileged region: keep it to the one call that needs it ---- */
    r.held_during = (p->effective & PRIV_MODEL_FILE_DAC_READ) != 0;
    /* (the real open()/read() of the protected file would go here) */
    /* ---- end privileged region ---- */
    model_priv_off(p, PRIV_MODEL_FILE_DAC_READ);

    r.ok = 1;
    r.after = p->effective;
    return r;
}

int main(void)
{
    /* Case 1: the administrator assigned the privilege; bracketing works. */
    struct proc_privs assigned = { PRIV_MODEL_FILE_DAC_READ, 0 };
    struct bracket_result r1 = read_protected_file_bracketed(&assigned);
    printf("assigned:     ok=%d held_during=%d effective_after=%u\n",
           r1.ok, r1.held_during, r1.after);

    /* Case 2: the administrator did not assign it; the program fails. */
    struct proc_privs missing = { 0, 0 };
    struct bracket_result r2 = read_protected_file_bracketed(&missing);
    printf("not assigned: ok=%d err=%d effective_after=%u\n",
           r2.ok, r2.err, r2.after);
    return 0;
}
```

The point to check in a review of real code is the one the model makes visible: the privilege is in the effective set only between the on and off calls, the effective set is empty again as soon as the bracket closes, and a refused raise stops the operation instead of silently running without the privilege.
<test>
struct proc_privs a = { PRIV_MODEL_FILE_DAC_READ, 0 };
struct bracket_result r1 = read_protected_file_bracketed(&a);
assert(r1.ok == 1);
assert(r1.held_during == 1);
assert(r1.after == 0);
assert(a.permitted == PRIV_MODEL_FILE_DAC_READ);
struct proc_privs m = { 0, 0 };
struct bracket_result r2 = read_protected_file_bracketed(&m);
assert(r2.ok == 0);
assert(r2.err == EPERM);
assert(r2.held_during == 0);
assert(r2.after == 0);
</test>

Security Administrator Role's Responsibilities

The Security Administrator role must ensure that a program that uses Trusted Solaris system calls and routines does not compromise the security of the Trusted Solaris environment in any way.

  1. Make sure that both the programmer and the program distribution process are trusted.

  2. From one of these sources, find out which privileges are required by the program:

    1. Ask the programmer.

    2. Search the source code for any privileges that the program expects to use.

    3. Use the runpd command as described in "To Find Out Which Privileges a Program Needs".

  3. Scrutinize the source code to make sure it behaves in a trustworthy manner when using the privileges it needs to operate.