Securing Users and Processes in Oracle® Solaris 11.2

Updated: July 2014
 
 

Privilege Escalation and User Rights

Oracle Solaris provides administrators with a great deal of flexibility when configuring security. As installed, the software prevents privilege escalation. Privilege escalation occurs when a user or process gains more administrative rights than you intended to grant. In this sense, “privilege” means all rights, not just kernel privileges. See Privilege Escalation and Kernel Privileges.

Oracle Solaris software includes rights that are assigned to the root role only. With other security protections in place, an administrator might assign attributes that are designed for the root role to other accounts, but such assignment must be made with care.

The following rights profile and set of authorizations can escalate the privileges of a non-root account:

  • Media Restore rights profile – This profile is not part of any other rights profile. Because Media Restore provides access to the entire root file system, its use is a possible escalation of privilege. Deliberately altered files or substitute media could be restored. By default, the root role includes this rights profile.

  • solaris.*.assign authorizations – These authorizations are not assigned to any rights profile. An account with a solaris.*.assign authorization could assign rights to others that the account itself is not assigned. For example, a role with the solaris.profile.assign authorization can assign rights profiles to other accounts that the role itself is not assigned. By default, only the root role has solaris.*.assign authorizations.

    Assign solaris.*.delegate authorizations, rather than solaris.*.assign authorizations. A solaris.*.delegate authorization enables the delegater to assign other accounts only those rights that the delegater possesses. For example, a role that is assigned the solaris.profile.delegate authorization can assign to other users and roles the rights profiles that the role itself is assigned.

For the prevention of escalation of kernel privileges, see Privilege Escalation and Kernel Privileges.
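
The following shell function is an added example, not part of the Oracle documentation: it reads user_attr(4)-format lines and lists non-root accounts that are directly assigned the Media Restore rights profile or a solaris.*.assign authorization. The sample accounts are constructed, and reporting trailing-* authorizations for review is a conservative assumption of this example; rights granted indirectly through rights profiles are not resolved.

```shell
#!/bin/sh
# Added example: audit user_attr(4)-format input (file arguments or stdin)
# for direct assignments of the escalation-capable rights named on this page.
# Output format (chosen for this example): account:kind:value

audit_user_attr() {
    awk -F: '
    /^#/ || /^$/ { next }           # skip comments and blank lines
    $1 == "root"  { next }          # root holds these rights by default
    {
        # The attr field is everything after the 4th colon, so escaped
        # colons inside values (for example audit_flags=lo\:no) survive.
        attr = $0
        for (i = 0; i < 4; i++) sub(/^[^:]*:/, "", attr)
        n = split(attr, kv, ";")
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            if (eq == 0) continue
            key = substr(kv[i], 1, eq - 1)
            m = split(substr(kv[i], eq + 1), item, ",")
            # Assumption: a trailing-* grant may cover an .assign
            # authorization, so it is reported for manual review.
            for (j = 1; j <= m; j++) {
                if (key == "profiles" && item[j] == "Media Restore")
                    print $1 ":profile:" item[j]
                else if (key == "auths" && item[j] ~ /^solaris\..*\.assign$/)
                    print $1 ":assign-auth:" item[j]
                else if (key == "auths" && item[j] ~ /^solaris\.(.*\.)?\*$/)
                    print $1 ":wildcard-auth:" item[j]
            }
        }
    }' "$@"
}

# Constructed sample entries; none come from a real system.
sample_user_attr() {
    cat <<'EOF'
# user:qualifier:res1:res2:attr
root::::type=role;auths=solaris.*;profiles=All;audit_flags=lo\:no
jdoe::::audit_flags=lo\:no;profiles=Media Restore,Printer Management
secadm::::type=role;auths=solaris.profile.assign,solaris.user.manage
opsadm::::type=role;auths=solaris.profile.delegate
devadm::::type=role;auths=solaris.smf.*
EOF
}

sample_user_attr | audit_user_attr
```

On a Solaris system the same function can be pointed at the local database, for example `audit_user_attr /etc/user_attr`. The opsadm entry produces no finding because it holds only a delegate authorization.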