Use Trusted Solaris Installation and Configuration (PN 816-1040-10) to configure the Trusted SolarisTM Operating System. The differences between a Trusted Solaris Operating System and a SolarisTM Operating System require planning and guidance during installation and configuration. Differences occur in labels, clearance confirmations, obligatory passwords, security configuration choices, name service domain setup, and secure network setup, and no superuser.
The Trusted Solaris 8 HW 7/03 release upgrades the Trusted Solaris 8 HW 12/02 release. The new release also enhances the following software with security:
Solaris 8 HW 7/03 release
X Windows, version 11.0
CDE 1.4.8 (Common Desktop Environment)
Solaris Management Console 2.0.0 administrative interface
This release includes the following patches:
Security patches for Solaris software that affect Trusted Solaris software. See Table 1–1.
Patches that were released to patch the Trusted Solaris 8 HW 12/02 release. See Table 1–2.
All Solaris patches that were included in the Solaris 8 HW 7/03 release. Use the showrev -p command to list the patches that have been applied to the system.
You can safely apply many patches that are available for the standard releases of Solaris software, CDE, X Windows, or the Solaris Management Console. Trusted Solaris software is packaged to reflect differences from Solaris software packages only where such differences exist.
The sections in this document are as follows:
Solaris Bug Fixes Incorporated Into the Trusted Solaris 8 HW 7/03 Release
Trusted Solaris 8 HW 12/02 Bugs Fixed in the Trusted Solaris 8 HW 7/03 Release
Man Page Changes and Additions to the Trusted Solaris 8 HW 7/03 Release
The docs.sun.comSM web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
For additional information about the Trusted Solaris product, visit the http://www.sun.com/trustedsolaris web site.
For help from the user community in a public forum, visit the http://www.sun.com/supporttraining web site. Select Forums. After selecting Trusted Solaris Security, you can click the Register button to register for and participate in the Trusted Solaris Support Forum.
Read the following Trusted Solaris books and Solaris books:
Trusted Solaris 8 HW 7/03 Release Notes – This document. For bugs that have been fixed between the Trusted Solaris 8 HW 12/02 and Trusted Solaris 8 HW 7/03 releases.
Trusted Solaris 8 HW 7/03 Transition Guide – For changes from the Trusted Solaris 7, Trusted Solaris 8, Trusted Solaris 8 4/01, and Trusted Solaris 8 HW 12/02 releases to the Trusted Solaris 8 HW 7/03 release. Also, for differences between the Trusted Solaris releases and their Solaris counterparts.
“Released Patches” chapter of Solaris 8 HW 7/03 Release Notes Supplement for Sun Hardware in the Solaris 8 Collection for Sun Hardware, http://docs.sun.com/db/coll/801.1.
“Released Patches” chapter of Solaris 8 HW 5/03 Release Notes Supplement for Sun Hardware in the Solaris 8 Collection for Sun Hardware, http://docs.sun.com/db/coll/801.1.
Solaris 8 2/02 What's New – For features that the Trusted Solaris 8 HW 12/02 and Trusted Solaris 8 HW 7/03 releases inherit from the Solaris 8 release.
Solaris 8 (SPARC Platform Edition) 2/02 Release Notes – For information about the Solaris 8 release.
Solaris 8 (Intel Platform Edition) 2/02 Release Notes – For information about the Solaris 8 release.
The Trusted Solaris 8 HW 7/03 release supports the workstation, server, and peripherals hardware that are supported by the Solaris 8 HW 7/03 release. The Trusted Solaris 8 HW 7/03 release also supports the Sun FireTM V60x and Sun Fire V65x hardware platforms.
For the hardware that is supported by the Solaris 8 HW 7/03 release, see the following Sun hardware books:
Solaris 8 HW 7/03 Sun Hardware Platform Guide in the Solaris 8 HW 7/03 on Sun Hardware Collection
Solaris 8 (Intel Platform Edition) 2/02 Hardware Compatibility List
For the Sun Fire V60x and Sun Fire V65x servers, do the following steps to reach documentation that can be downloaded:
Go to the Sun hardware documentation web site, http://www.sun.com/products-n-solutions/hardware/docs.
In the left-hand column, click Servers.
Click Sun Fire V60x and V65x to reach the list of documentation.
Information in this section is provided to help assist customers and vendors with early planning for migration to future releases. This information is based on information that is presently available.
In the future, Sun might no longer supply Trusted Solaris software as a product that is based on modifying the Solaris kernel. Instead, Sun might produce the functionality as software that is designed to meet or exceed the requirements of the Common Criteria's Labeled Security Protection Profile. Sun might also include features such as the multilevel secure desktop and trusted networking. This functionality might be installed with a future release of the Solaris operating system.
Some features that might change are:
The information labels (ILs) feature was removed in the Trusted Solaris 7 release, but programmatic storage for ILs was maintained in order to preserve compatibility. That storage might be removed in a future release.
Support for the TSIX protocol might be dropped.
The NIS+ naming service might be replaced by another naming service in future releases.
The formats of configuration files might change. The file formats are described in section 4 of the Reference Manual of earlier releases. For example, the entries and the fields in the audit_user file and the tsolinfo file might change.
The names of privileges might change. Therefore, interfaces that check for specific privileges might change correspondingly. For example, the privilege macros that are described on the priv_macros(5) man page might change.
Your experience when using future releases of Trusted Solaris software will generally be the same as your current experience. However, the underlying implementation for features such as privileges, file system attributes, and networking might change. For example, the interfaces that are documented in the Trusted Solaris Reference Manual might change.
Sun might produce a transition guide that maps the current interfaces to their new counterparts. Alternatively, Sun might recommend a way to handle removed interfaces.
The following interfaces might be removed in a future Trusted Solaris release:
User commands
System administration commands
System calls
The following interfaces might be removed or be substituted for by other interfaces:
Trusted Solaris library routines
The following interfaces might change in name or behavior or both:
User commands
System administration commands
System calls
PAM interfaces
The Trusted Solaris 8 HW 7/03 release includes all product patches and bug fixes that were incorporated into the Solaris 8 HW 7/03 release. Use the showrev -p command to see the list of patches that are included in the release.
Additional bug fixes that are included in the Trusted Solaris 8 HW 7/03 release are listed in the following table. Some bug fixes are for software that is part of the Trusted Solaris release, such as CDE or the Solaris Management Console.
Table 1–1 Solaris Bug Fixes Incorporated Into the Trusted Solaris 8 HW 7/03 Release
Solaris Bug Number |
Solaris Patch ID, If Any |
Synopsis |
---|---|---|
4248632 |
|
Xserver: xlock command should use PAM |
4352330, 4872634 |
109147-25, 109148-25 |
Large LD_PRELOAD values can cause SEGV of process |
4680913 |
|
Xserver: Insecure creation of /tmp/wg0000 files |
4742992 |
|
Shell escape from format command under RBAC |
4729683 |
|
modload() function should check before loading a module |
4779410 |
|
tirdwrrput() function makes unwarranted M_PROTO/M_PCPROTO assumptions |
4783410 |
|
kstat_read() function can be used to panic kernel |
4790332 |
|
poll() function does not validate the arguments passed |
4803267 |
114673-01, 114674-01 |
/usr/sbin/wall command can be used to simulate root messages Trusted Solaris patches 115366-01, 115367-10 |
4807715 |
|
ping command has potential buffer overflow |
4830525 |
|
Buffer overflow in nss_ldap.so.1 library |
4839862 |
110615-09, 110616-09 |
Upgrade Trusted Solaris 8 sendmail program to version 8.11.7 |
4857394 |
|
AUE_MODADDMAJ does not check user arguments |
4860134 |
|
rpc.nisd daemon security issue |
4880232 |
|
CDE: dtsession screen lock deferred until PAM conversation function is run |
4924896 |
|
Java 2 Runtime Environment, Standard Edition (JRE) J2SE: Provide Java versions 1.2.2_17a and 1.3.1_10 with updated CA certificates in cacerts file |
4925761 |
|
CERT CA-2003-25: Buffer underflow in sendmail program |
4930117 |
|
CDE: Large DTHELPUSERSEARCHPATH value can cause programs to segmentation fault |
The following bugs that are reported in the Trusted Solaris 8 HW 12/02 Release Notes and in the Beta version of the Trusted Solaris 8 HW 7/03 Release Notes have been fixed:
Enabling smart card removes PAM entries from pam.conf file (4827207, 4830611)
Dynamic reconfiguration needs a profile update (4837675)
File descriptor leakage in rpc.nisd daemon (4905191)
ping on restricted interfaces can get response from higher label (4639031)
syslog fails to send any messages above admin_low to remote hosts (4898790)
telnet leak generates improper traffic (4894365)
The following table describes bugs that were found in the Trusted Solaris 8 HW 12/02 release that have been fixed in this release.
Table 1–2 Trusted Solaris 8 HW 12/02 Bugs That Have Been Fixed in the Trusted Solaris 8 HW 7/03 Release
Trusted Solaris Bug Number |
Trusted Solaris Patch ID, If Any |
Synopsis |
---|---|---|
4877950 |
|
mldrealpath(3TSOL) library function fails after repeated calls |
4885645 |
|
tar command is incompatible and can downgrade information |
4854274 |
115368-02, 115369-02 |
T option to tar command requires proper cwd |
4868574 |
|
The updatehome command does not properly handle files in subdirectories |
4873497 |
|
The chk_encodings command does not properly parse the suffix label in the REQUIRED COMBINATIONS section |
4876279 |
|
libz command should be included on x86 miniroot |
4903672 |
|
Screen does not lock if pointer is grabbed |
4931908 |
|
df -k command ignores MAC |
The Solaris 8 HW 7/03 release introduced several new PAM modules:
pam_authtok_check(5)
pam_authtok_get(5)
pam_authtok_store(5)
pam_dhkeys(5)
pam_passwd_auth(5)
pam_unix_account(5)
pam_unix_auth(5)
pam_unix_session(5)
In the Solaris 8 HW 7/03 release, these modules replace the pam_unix(5) module. However, the Trusted Solaris 8 HW 7/03 release does not support these new modules. Instead, this release maintains documented use of the pam_unix(5) module as the required configuration.
The Solaris 8 HW 7/03 release introduced changes to the audit_class file and to the audit_event file. The Trusted Solaris 8 HW 7/03 release includes those changes. Backward compatibility with a site's existing user configuration is maintained. In addition, audit trails from previous Trusted Solaris releases can still be processed.
The audit_class file has changed in the following ways:
Some classes have been assigned to a new mask value.
Some administrative classes have been changed.
Some administrative classes have been added.
The obsolete fn and io classes have been removed.
The audit_event file has changed in the following ways:
Some events have been assigned to a new class. The new assignments correspond to the audit_class changes that are described in the preceding list.
Several obsolete events have been changed to the no class.
For details of the changes, see the audit_class file and the audit_event file on your system.
The Trusted Solaris 8 HW 7/03 release incorporates the man page additions and man page modifications from the Solaris 8 HW 7/03 release. These changes include the following man pages:
Man pages from the SUNWman patches in the Solaris 8 HW 7/03 release
SUNWman patch 108808-43 for SPARC platforms
SUNWman patch 108809-43 for x86 platforms
Man pages that describe new or updated hardware information, and are not part of a patch
All Trusted Solaris man pages, including the new and updated man pages, are available in Trusted Solaris 8 HW 7/03 software by using the man command.
The following new and updated man pages contain Trusted Solaris changes. The latest versions are available only from the man command in the Trusted Solaris 8 HW 7/03 release.
crontab(1)
update_drv(1M)
exec(2)
pam_unix(5)
The following new man pages do not include Trusted Solaris changes. These man pages are available from two locations:
From the man command in the Trusted Solaris release
From the Solaris 9 Reference Manual Collection on the docs.sun.com web site
The following updated man pages do not include Trusted Solaris changes. These man pages are available from two locations:
From the man command in the Trusted Solaris release
From the Solaris 9 Reference Manual Collection on the docs.sun.com web site
This section identifies known problems in the Trusted Solaris 8 HW 7/03 software, describes the problems, and suggests solutions. These bugs might or might not be fixed in a future release.
Trusted Solaris Installation and Configuration instructs the customer to remove the boot diskette.
Workaround: When the installation program informs you to remove the boot diskette, do so. The CD-ROM is still inserted. During the BIOS/system self-tests, you can remove the CD.
If you have installed the software from a CD-ROM, leave the CD-ROM in the drive. If you are doing an upgrade install, the system does not automatically reboot after the installation of the first CD.
On most systems, if you fail to remove the CD during the self-tests, the device configuration screen appears. You can then navigate the menus in the Device Configuration Assistant (DCA) and select the hard drive to boot from. You then remove the CD when the installation program prompts you to do so.
If you are installing a Sun Fire V60x or a Sun Fire V65x system, you must remove the CD during the BIOS/system self-tests. You are not prompted to remove the CD. You then boot directly from the disk.
Neither the Device Configuration Assistant (DCA) diskette nor the CD-ROM can boot a Sun Fire V60x or a Sun Fire V65x system. For installation issues, see the preceding section.
Workaround: If your hard drive becomes corrupted or is overwritten, use the Solaris 9 8/03 DCA diskette. This diskette supports the Sun Fire V60x and V65x platforms. If you do not have a DCA diskette for the Solaris 9 8/03 release, download the software from the Sun web site. Follow these steps:
Go to the Sun BigAdminSM web site at http://www.sun.com/bigadmin.
Select HCL from the left-hand column.
Select Solaris x86 Device Configuration Assistant 1.1. Then, follow the directions to download the DCA software to a diskette.
Use the DCA diskette to boot the Sun Fire V60x and Sun Fire V65x systems.
A network install server that is running the Trusted Solaris operating system is unable to communicate with Trusted Solaris clients that the install server has installed until the server is rebooted.
Workaround: If the client will need to be in contact with the network install server, reboot the server. If there are multiple clients to install, reboot the server after the client installations are complete.
Alternatively, you can install Trusted Solaris clients from a network install server that is running the Solaris operating system.
When an unlabeled machine sends a full packet, an intervening labeled gateway adds the CIPSO header. The addition of the CIPSO header makes the packet larger than 1500 bytes, and therefore the packet is dropped due to size.
Workaround: By setting the MTU on the system to be smaller, the problem is solved. Then, when the CIPSO label is added, the packet is still a legal size.
Cutting and pasting between xterm windows when using xinerama causes the following problems:
The xterm application that the data is copied from terminates. Termination happens at the instant that the data is pasted.
Running the mozilla application results in a BadWindow error, with mozilla failing to run.
The title bar and label bar of exposed windows is not properly redrawn.
Workaround: None.
This release supports only the C locale (U.S. English). Thus, no Languages CD is provided.
Network packets that use the TSIX protocol are not processed correctly when AH headers are present.
Workaround: None.
Network packets that are labeled with the TSOL protocol are not processed correctly by IKE in the SunScreenTM 3.2 product. The SunScreen product is co-packaged with this release. The SunScreen log messages show IKE_INVALID_COOKIE.
The SunScreen software properly processes TSOL-labeled network traffic that is in clear text. The SunScreen IKE software also behaves correctly in the Trusted Solaris operating environment to protect traffic between unlabeled network connections.
Workaround: None.
A SIGSEGV error is produced when using the nisaddent -avf command to add an incorrectly formatted file to the tnrhdb NIS+ map. The incorrectly formatted file produces a core dump.
Workaround: The nisaddent command works correctly with a valid input file. To ensure that the input file has fields separated by colons and not by spaces, use niscat -s : when dumping an NIS+ table that will be used later as input to NIS+.
This bug occurs in a very unusual situation. The administrator must have consciously configured an NFS remote host to be at one label, and the label range to be another label.
Workaround: To prevent the creation of files at the default label for the server, mount the file system as “read-only”. Existing files are unaffected, but the read-only mount option prevents the creation of files at a label outside the label range.
The new utilities sdtgwm, sdtwsm, and sdtwinlst and their corresponding actions in the Desktop_Apps folder generate errors, such as Warning: Query Module Not Running.
Workaround: None. These tools are inappropriate for users in the Trusted Solaris environment. Thus, the tools are not supported.
The bug is known to occur when the Solaris Management Console is running on an NIS+ client or master and has loaded its toolbox from an NIS+ replica. Next, the replica is shut down and the Solaris Management Console is used to update any NIS+ maps. Since the machine from which the Solaris Management Console loaded its toolbox is down, the Solaris Management Console client has no way to communicate with the Solaris Management Console server, which is the machine from which the toolbox has been loaded.
Workaround: Do not use the Solaris Management Console to update NIS+ databases when an NIS+ replica is down. Use the standard NIS+ command-line interface instead.
Although Trusted Solaris 8 software does not support information labels (ILs), the chk_encodings command fails with the following error if the label_encodings file omits information about ILs.
# chk_encodings label_encodings Label encodings conversion error at line 37: Can't find INFORMATION LABELS specification. Found instead: "SENSITIVITY LABELS:". label_encodings: label encodings syntax check failed. |
Workaround: Copy a valid SENSITIVITY LABELS: section in your label_encodings file, and rename the section to INFORMATION LABELS:, as in:
INFORMATION LABELS: ... WORDS: ... REQUIRED COMBINATIONS: ... COMBINATION CONSTRAINTS: ... |
See the label_encodings(4) man page for more information.
The Solaris Management Console commands smosservice and smdiskless do not work correctly.
Workaround: Set up diskless service manually. On the OS server, name and allocate the client disk partitions during the installation process.
Drag-and-drop operations do not work reliably for OPEN LOOK applications.
Workaround: Use the copy and paste keys with OPEN LOOK applications.
This bug is seen when you perform the following steps:
Insert diskette.
floppy_0 is allocated by Device Allocation Manager.
From File Manager, click the File menu and select Removable Media Manager.
Select the diskette icon. Click mouse button 3 to open the Labels menu item.
In Removable Media Manager - File Labels (the Trusted Solaris Label Builder), click the Help button at bottom right of the dialog box.
Workaround: Perform the following steps:
Click mouse button 3 on the Front Panel and select Help from the menu. The Workspace Manager – Help window appears.
In the Workspace Manager – Help window, scroll down in the top pane to Trusted Solaris Applications and select that text.
In the bottom pane, click Create Labels.
The Solaris Management Console Mounts tool and Solaris Management Console Shares tool do not manipulate Trusted Solaris attributes.
Workaround: Use the Set Mount Points action and the Share Filesystems action to handle Trusted Solaris attributes. You can also use the Admin Editor on the /etc/vfstab file and the /etc/dfs/dfstab file.