Read and use Trusted Solaris Installation and Configuration (PN 816–1040–10) to guide you in configuring the Trusted SolarisTM operating environment. The differences between a Trusted Solaris operating environment and a SolarisTM operating environment require planning and guidance during installation and configuration. Differences occur in labels, clearance confirmations, obligatory passwords, security configuration choices, name service domain setup, secure network setup, and no superuser.
The Trusted Solaris 8 HW 12/02 operating environment upgrades the Trusted Solaris 8 4/01 release. The operating environment also enhances the following software with security:
Solaris 8 HW 12/02 operating environment
X Windows, version 11.0
CDE 1.4.8 (Common Desktop Environment)
Solaris Management Console 2.0.0 administrative interface
The release incorporates patches that were released for the Trusted Solaris 8 4/01 operating environment. The release also incorporates patches to the window system, and patches for the Solaris, CDE, and the Solaris Management Console releases.
As of this release, you can safely apply many patches that are available for the standard releases of Solaris software, CDE, X Windows, or the Solaris Management Console. Trusted Solaris software is repackaged to reflect differences from Solaris software packages only where such differences exist. Use the command showrev -p to list the patches that have been applied to the system.
The sections in this document are as follows:
For assistance in using the Trusted Solaris document set, see the Trusted Solaris 8 HW 12/02 Roadmap (PN 817-1392-10) document.
The docs.sun.comSM Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
For additional information about the Trusted Solaris product, visit the http://www.sun.com/trustedsolaris web site.
Read the following books:
Trusted Solaris 8 HW 12/02 Release Notes – This document. For bugs that have been fixed between the Trusted Solaris 8 4/01 and Trusted Solaris 8 HW 12/02 releases.
Trusted Solaris 8 HW 12/02 Transition Guide – For changes from the Trusted Solaris 7, Trusted Solaris 8, and Trusted Solaris 8 4/01 releases to the current release. Also, for differences between the Trusted Solaris releases and their Solaris counterparts.
Solaris 8 2/02 What's New – For features that the Trusted Solaris 8 HW 12/02 release inherits from the Solaris 8 software release.
Solaris 8 (SPARC Platform Edition) 2/02 Release Notes – For information about the Solaris 8 software release.
Solaris 8 (Intel Platform Edition) 2/02 Release Notes – For information about the Solaris 8 software release.
The Trusted Solaris 8 HW 12/02 release supports the workstation, server, and peripherals hardware supported by the Solaris 8 HW 12/02 release. See the following books:
Solaris 8 HW 12/02 Sun Hardware Platform Guide in the Solaris 8 HW 12/02 on Sun Hardware Collection
Solaris 8 (Intel Platform Edition) 2/02 Hardware Compatibility List
The Trusted Solaris 8 HW 12/02 release includes all product patches and bug fixes incorporated into the Solaris 8 HW 12/02 release. Use the showrev -p command to see the list of patches that are included in the release.
Additional bug fixes that are included in the Trusted Solaris 8 HW 12/02 release are listed in the following table. Most of the fixes are security bug fixes.
Table 1–1 Solaris Bug Fixes Incorporated Into the Trusted Solaris 8 HW 12/02 Release
Solaris Bug Number |
Synopsis |
---|---|
1159193 |
fmodsw needs to be dynamically allocated |
1255897 |
Arbitrary data attributes are being printed by praudit in a confusing way |
1262891 |
fbconsole core dumps if incorrect permissions on /tmp |
4059965 |
praudit has problems displaying paths with non-ASCII characters |
4280870 |
pcmcia is writing a directory and file that is owned by root |
4367223 |
In certain erroneous conditions the mount() call leaves kernel locks held |
4382410 |
“Missing message #18022” displays on front panel at installation |
4397459 |
*ed* creates temporary files in an insecure manner |
4457722 |
MLD general queries with maximum report delay of 0 can panic the Solaris x86 kernel |
4464517 |
RED State Exception on SB100/SB1000 while booting with Addonics USB DVD |
4508268 |
praudit and auditreduce do not work with RBAC profile entries |
4545809 |
mount() system call can panic machine |
4545858 |
mount(2) man page is incorrect with several issues |
4548739 |
Security vulnerability involving pmconfig |
4617380 |
Panic: assertion failure pm_cfb_comps_off |
4619275 |
pmconfig does not check bounds while processing user input |
4619526 |
powerd does not check bounds while processing user input |
4621278 |
IPv6 home address option has security concerns |
4621760 |
ftp debug output includes passwords in clear text form |
4649509 |
fdformat reads any file as boot sector |
4649511 |
fdformat contains a race condition |
4655066 |
crle: -u with nonexistent config file does not work |
4661997 |
Buffer overflow in dbm_open() |
4664152 |
TPI connection response is extremely hazardous |
4668699 |
Buffer overflow in dbm_open() and dbminit() |
4677620 |
Security issue in sysinfo() |
4680691 |
Doctored rpc calls over UDP can bring down machines through rpcbind |
4702931 |
Ordinary user can panic machine using crafted /dev/arp messages |
4708822 |
priocntl() can load a user module and gain access to system |
4712864 |
TCP_IOC_ABORT_CONN leaks kernel memory |
4725286 |
Panic: recursive rw_enter caused by sendfilev() |
4728754, 4777632 |
sad needs to validate input |
4729683 |
modload() could do some checking before loading a module |
4732677 |
TCP_IOC_ABORT_CONN leaks kernel memory |
4737417 |
ypxfrd security issue with map handling |
4737861 |
IP module allows an unprivileged process to generate raw IP packet |
4740832 |
fbconsole creates tmp files unsafely |
4756570 |
sendmail does not handle some .forward constructs correctly |
4763520 |
TCP accepts connection response queue in T_CONN_RES without validation |
4756979 |
uucp contains a buffer overflow |
4767276, 4778962 |
rpcbind can be killed remotely |
4776480 |
at -r job name handling and race conditions |
4777715 |
CERT Advisory CA-2002-31: Multiple Remote Vulnerabilities in BIND |
4786593 |
pkgadd fails with size issue when space file is present |
4788209 |
/usr/dt/bin/dtprintinfo $HOME environment variable overflow |
4788212 |
/usr/dt/bin/dtsession $HOME environment variable overflow |
4789120 |
Floating point operations in getfpregs() may cause unexpected traps |
4790725 |
Port of patch 109896 to the Trusted Solaris release |
4798301 |
Ordinary user can panic the Solaris x86 kernel |
4804524 |
getfpregs() spuriously enables FPU on sparcv9 |
4809539 |
CERT Advisory CA-2003-07: Remote Buffer Overflow in Sendmail |
The following bugs that are reported in the Trusted Solaris 8 4/01 Release Notes have been fixed in the Trusted Solaris 8 HW 12/02 software:
praudit and auditreduce do not work with RBAC profile entries (4508276)
Some suser() calls still exist in kernel (4493976)
Device Allocation: Configuration dialog box does not configure the first device (4533649)
The fix for bug, 4825056 host token doesn't support IPv6, changes the contents of the header audit token. See the Trusted Solaris 8 HW 12/02 Transition Guide for more information.
This section identifies known problems in the Trusted Solaris 8 HW 12/02 software, describes the problems, and suggests solutions. These bugs might or might not be fixed in a future release.
Trusted Solaris Installation and Configuration instructs the installer to remove the boot diskette.
Workaround: If you have booted from a CD-ROM and have not used a diskette, you can ignore the instruction. Leave the CD-ROM in the drive, let the system reboot, and remove the CD-ROM when instructed to. If you are doing an upgrade install, the system will not automatically reboot after the installation of the first CD.
The smartcard -c enable command updates the pam.conf file incorrectly. The result is that the user is unable to log in with a smart card.
Workaround: In the secadmin role, do the following steps:
Before configuring smart card, save the /etc/pam.conf file.
$ cp /etc/pam.conf /etc/pam.conf.orig |
Configure smart card using the Smart Card Admin GUI. The executable is /usr/dt/bin/sdtsmartcardadmin.
Enable smart card with the following command:
$ smartcard -c enable |
Before logging out, restore the /etc/pam.conf file.
$ cp /etc/pam.conf.orig /etc/pam.conf |
Add the following lines to the /etc/pam.conf file.
You add lines that contain pam_smartcard for both dtlogin and dtsession. You append 'use_first_pass' to the dtlogin and dtsession lines that contain pam_unix.
The lines in the pam.conf file should not contain continuation characters. For display purposes, the lines below contain continuation (\) characters.
dtlogin auth requisite /usr/lib/security/$ISA/pam_smartcard.so.1 dtlogin auth requisite /usr/lib/security/$ISA/pam_tp_auth.so.1 dtlogin auth requisite /usr/lib/security/$ISA/pam_unix.so.1 \ check_retries use_first_pass … dtsession auth requisite /usr/lib/security/$ISA/pam_smartcard.so.1 dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1 \ use_first_pass |
When a patch is released, you can apply the patch to your system. Once the patch is applied, you do not need the workaround.
This release supports only the C locale (U.S. English). Thus, no Languages CD is provided.
Network packets that use the TSIX protocol are not processed correctly when AH headers are present.
Workaround: None.
Network packets that are labeled with the TSOL protocol are not processed correctly by IKE in the SunScreenTM 3.2 product. The SunScreen log messages show IKE_INVALID_COOKIE.
The SunScreen software properly processes TSOL-labeled network traffic that is in clear text. The SunScreen IKE software also behaves correctly in the Trusted Solaris operating environment to protect traffic between unlabeled network connections.
Workaround: None.
A SIGSEGV error is produced when using the nisaddent -avf command to add an incorrectly formatted file to the tnrhdb NIS+ map. The incorrectly formatted file produces a core dump.
Workaround: The nisaddent command works correctly with a valid input file. To ensure that the input file has fields separated by colons and not by spaces, use niscat -s : when dumping an NIS+ table that will be used later as input to NIS+.
This bug occurs in a very unusual situation. The administrator must have consciously configured an NFS remote host to be at one label, and the label range to be another label.
Workaround: To prevent the creation of files at the default label for the server, mount the file system as “read-only”. Existing files are unaffected, but the read-only mount option prevents the creation of files at a label outside the label range.
The new utilities sdtgwm, sdtwsm, and sdtwinlst and their corresponding actions in the Desktop_Apps folder generate errors, such as Warning: Query Module Not Running.
Workaround: None. These tools are inappropriate for users in the Trusted Solaris environment. Thus, the tools are not supported.
The bug is known to occur when the Solaris Management Console is running on an NIS+ client or master and has loaded its toolbox from an NIS+ replica. Next, the replica is shut down and the Solaris Management Console is used to update any NIS+ maps. Since the machine from which the Solaris Management Console loaded its toolbox is down, the Solaris Management Console client has no way to communicate with the Solaris Management Console server, which is the machine from which the toolbox has been loaded.
Workaround: Do not use the Solaris Management Console to update NIS+ databases when an NIS+ replica is down. Use the standard NIS+ command-line interface instead.
Although Trusted Solaris 8 4/01 software does not support information labels (ILs), the chk_encodings command fails with the following error if the label_encodings file omits information about ILs.
# chk_encodings label_encodings Label encodings conversion error at line 37: Can't find INFORMATION LABELS specification. Found instead: "SENSITIVITY LABELS:". label_encodings: label encodings syntax check failed.
Workaround: Copy a valid SENSITIVITY LABELS: section in your label_encodings file, and rename the section to INFORMATION LABELS:, as in:
INFORMATION LABELS: ... WORDS: ... REQUIRED COMBINATIONS: ... COMBINATION CONSTRAINTS: ...See the label_encodings(4) man page for more information.
The Solaris Management Console commands smosservice and smdiskless do not work correctly.
Workaround: Set up diskless service manually. On the OS server, name and allocate the client disk partitions during the installation process.
Drag-and-drop operations do not work reliably for OPEN LOOK applications.
Workaround: Use the copy and paste keys with OPEN LOOK applications.
This bug is seen when you perform the following steps:
Insert diskette.
floppy_0 is allocated by Device Allocation Manager.
From File Manager, click the File menu and select Removable Media Manager.
Select the diskette icon. Click mouse button 3 to open the Labels menu item.
In Removable Media Manager - File Labels (the Trusted Solaris Label Builder), click the Help button at bottom right of the dialog box.
Workaround: Perform the following steps:
Click mouse button 3 on the Front Panel and select Help from the menu. The Workspace Manager – Help window appears.
In the Workspace Manager – Help window, scroll down in the top pane to Trusted Solaris Applications and select that text.
In the bottom pane, click Create Labels.
The Solaris Management Console Mounts tool and Solaris Management Console Shares tool do not manipulate Trusted Solaris attributes.
Workaround: Use the Set Mount Points action and the Share Filesystems action to handle Trusted Solaris attributes. You can also use the Admin Editor on the /etc/vfstab file and the /etc/dfs/dfstab file.