Default Security Attributes

The Default Label, Default Clearance, and optional Forced Privileges in the Interface Manager are rarely useful. They would be used when a Trusted Solaris computer is communicating with a computer that is running an operating system that does not recognize labels or privileges, such as the Solaris operating environment, and then only if the same fields have been left empty in the template that applies to the single-label computer. For example, the Security Administrator role might create an entry for a second interface on the local computer that would apply the same label, clearance, and optional forced privileges to all computers running Solaris on the network that is connected to the second interface. These fields could then be left empty in any templates that cover the computers (as specified in the Security Families tool in Computers and Networks).

Default Label

The Default Label should reflect the level of trust that is appropriate for the computer and its users.

Default Clearance

The Default Clearance sets the upper limit for write operations performed on the Trusted Solaris computer by someone on the unlabeled computer. For example, on an unlabeled computer with a Default Label of CONFIDENTIAL and Default Clearance of SECRET, a user who is working on a file system mounted from a Trusted Solaris computer can open an upgraded file with a label of SECRET and write into it (if the file's name is known to that user).

Forced Privileges

An unlabeled computer does not recognize privileges. Specifying privileges in the Forced Privileges field affects only how the Trusted Solaris system handles requests from a program that is running on the unlabeled computer. Specifying privileges enables a client from an unlabeled computer to do something not otherwise permitted, such as reading a file whose label dominates that of the client or communicating with X clients owned by another user. If the corresponding values are set in a template that covers the computer, the value in the template takes precedence over the values specified for the network interface.

The following describes whose values are used for a network interface:

1. Is the needed value specified in a remote host template?

   1. If yes, the value in the template is used

   2. If no, is the needed value specified in an entry for the interface?

      1. If yes, use the value specified for the interface.

      2. If no, use the default value.