We strongly recommend that you read and use Trusted Solaris Installation and Configuration (PN 805-8114-10) to guide you in configuring the Trusted Solaris operating environment. The differences between this secure operating environment and a Solaris operating environment (labels, clearance confirmations, obligatory passwords, security configuration choices, name service domain setup, secure network setup, and no superuser) require planning and guidance during installation and configuration.
The Trusted Solaris 8 operating environment is an upgrade of the Trusted Solaris 7 release, and a security-enhanced version of the following software: Solaris 8 Update 1 operating environment, CDE 1.4.1 (Common Desktop Environment), and the Solaris Management Console 2.0 administrative interface. The release incorporates patches to the Trusted Solaris 7 operating environment, the window system (XW), and patches for the Solaris, CDE and Solaris Management Console releases.
Do not apply patches that may be available for the standard releases of Solaris software, CDE, X Windows, or Solaris Management Console.
The sections are as follows:
For assistance in using the document set, see the Trusted Solaris Roadmap (PN 805-8113-10) document.
The docs.sun.com℠ Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
Fatbrain.com, the Internet's most comprehensive professional bookstore, stocks select product documentation from Sun Microsystems, Inc.
For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.
The Trusted Solaris 8 release supports the workstation, server, and peripherals hardware supported by the Solaris 8 release. See also:
Solaris 8 6/00 Sun Hardware Platform Guide in the Solaris 8 6/00 on Sun Hardware Collection
Solaris 8 (Intel Platform Edition) 6/00 Hardware Compatibility List
The Trusted Solaris 8 release includes the following product patches and bug fixes:
Table 1-1 Product Patches and Bug Fixes Integrated in Trusted Solaris 8
| Product | Patch/Bug Number | Synopsis |
|---|---|---|
| CDE 1.4.1 | 108219-01, 108220-01 / 4257350 | dtaction has potential buffer overflow problems |
| | 4337474 | CDE exit failed |
| | 4340269 | When trying to exit session, get TT_ERR_NO_MATCH error |
| Solaris Management Console 2.0 | 4353350 | Rights are displayed in wrong order in Rights Tabs |
| | 4335699 | Help needs to be up-to-date and accurate |
| | 4353356 | Context help slows down user interface |
| Solaris 8 Update 1 | All patches incorporated into the Solaris 8 Update 1 release. See Solaris 8 (SPARC Platform Edition) 6/00 Release Notes Update or Solaris 8 (Intel Platform Edition) 6/00 Release Notes Update for details. | |
| | 103640-34, 105402-29 / 4295834 | network: NETPATH security problem in libnsl |
| | 106938-04, 106939-04 / 4299852 | network: Four vulnerabilities have been found in BIND. |
| | 107115-05, 107116-05 / 4310991 | utility: netpr: Buffer overflow in netpr_send_message() |
| | 107709-07, 107710-06 / 4270182 | smartcard: AuthenticationFailureTrap not generated during testing of security |
| | 108301-02, 108302-02 / 4254347 | network: in.tftpd stops service and gets stuck in endless loop executing read |
| | 108482-02, 108483-02 / 4282985 | network: snoop may be exploited to gain root access |
| | 108529-02 / 4331306 | kernel: Transferring large amounts of data using cpio to a partition on a 20Gbyte disk causes a panic. |
| | 4237487 | utility: libprint has buffer overflows and other security problems |
| | 4302198 | kernel: Solaris 8 kernel panic when servicing interrupt from hme device |
| | 4313067 | libcurses: setupterm has buffer overflow |
| | 4318294 | nisplus: Operations on NIS+ master slow when bug fix 4165775 is introduced |
| | 4324685 | smartcard: Error message displayed when smart card is inserted |
| | 4325934 | kernel: boot -r with PCMCIA modem cards installed causes a panic on the Sparc Ultra 2 |
| | 4330206 | kernel: Framebuffers fails to power manage Estar-compliant monitors |
| | 4331401 | audit: segmentation violation in au_user_mask() |
| | 4339366 | sysadmin: Security vulnerability in ufsrestore allows root compromise |
| | 4341092 | network: in.named buffer overflow vulnerabilities |
| | 4343216 | smartcard: Security problem in ocfserv |
| | 4344275 | audit: Preselection will work in 64-bit mode. |
| | 4353727 | AnswerBook2: AB 1.4.2 create admin user interactive shell |
| | 4353965 | audit: CDE logout / exit fails with Tooltalk message |
| | 4366956 | library: NLSPATH gettext introduces problems when used printf format specifier |
| | 4364261 | consolidation: sprintf and gettext do not mix |
| | 4373273 | audit: praudit has problems with certain audit records |
| Trusted Solaris 7 | Trusted Solaris 8 contains all the patches released for Trusted Solaris 7. | |
See the Trusted Solaris 8 Transition Guide for the changes from the Trusted Solaris 7 release to the current release.
See the "What's New at a Glance" in Solaris 8 Installation Supplement for new features that the Trusted Solaris 8 release inherits from the Solaris 8 release.
The following bugs reported in the Trusted Solaris 7 Release Notes have been fixed in the Trusted Solaris 8 software:
(4029612) The label_encodings file is protected from reading.
(4029584) bltos(3TSOL) function's binary to character-coded and character-coded to binary label translation is MT-safe.
(4055191) libtsol() label functions change logging behavior of programs that use the label functions, that is, they change syslog parameters.
(4287445), (4268980) The 64-bit t6 library routines t6peek_attr(3NSL) and t6last_attr(3NSL) succeed in the libbsm library. The auditwrite(3TSOL) library routine works in 64-bit programs.
(4288647) Preselection in the libbsm routines reliably occurs.
This section identifies known problems in the Trusted Solaris 8 software, describes them, and suggests solutions to them. These bugs may or may not be fixed in a future release.
The system calls bind and accept are audited through audit events (such as AUE_SOCKACCEPT) in the nt (network) audit class. When the network audit class is preselected for auditing, these events do not appear on the audit trail.
Workaround: None. Do not attempt to collect audit records for bind and accept.
If a user mistypes a password for a local account, the label of the /etc/shadow file may change. This can cause subsequent login attempts to fail.
Workaround: If you mistype the password for a local account, have the security administrator immediately relabel the /etc/shadow file as ADMIN_LOW.
This is a very unusual situation. It requires that the administrator deliberately configure an NFS remote host to be at one label and the label range to be another.
Workaround: If you do not want to allow the creation of files at the default label for the server, mount the file system as "read-only". That does not affect existing files, but it prevents the creation of files at a label outside the label range.
Although Trusted Solaris 8 does not support information labels (ILs), the chk_encodings command fails with the following error if the label_encodings(4) file omits information about ILs.

```
# chk_encodings label_encodings
Label encodings conversion error at line 37:
Can't find INFORMATION LABELS specification.
Found instead: "SENSITIVITY LABELS:".
label_encodings: label encodings syntax check failed.
```

Workaround: Copy a valid SENSITIVITY LABELS: section in your label_encodings file, and rename the copy to INFORMATION LABELS:

```
INFORMATION LABELS:
...
WORDS:
...
REQUIRED COMBINATIONS:
...
COMBINATION CONSTRAINTS:
...
```
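One way to apply this workaround mechanically, as an added example that is not part of the Trusted Solaris documentation: the hypothetical function `add_il_section` copies the body of the SENSITIVITY LABELS: section under a new INFORMATION LABELS: heading placed just before it. It assumes top-level keywords start in column 1 and that the section following SENSITIVITY LABELS: is one of those named in the pattern; the sample file is constructed.

```shell
# Added example: give chk_encodings the INFORMATION LABELS: section it looks
# for by copying the body of SENSITIVITY LABELS: under that heading.
# Assumptions: top-level keywords start in column 1, and the section after
# SENSITIVITY LABELS: is one of those named in the pattern below.
# Reads a label_encodings file on stdin, writes the patched file to stdout.
add_il_section() {
    awk '
    { line[NR] = $0 }
    /^INFORMATION LABELS:/ { have_il = 1 }
    /^SENSITIVITY LABELS:/ && !start { start = NR; next }
    start && !stop && /^(CLEARANCES|CHANNELS|PRINTER BANNERS|ACCREDITATION RANGE):/ { stop = NR }
    END {
        if (!stop) stop = NR + 1
        for (i = 1; i <= NR; i++) {
            if (i == start && !have_il) {      # skipped if already present
                print "INFORMATION LABELS:"
                for (j = start + 1; j < stop; j++) print line[j]
            }
            print line[i]
        }
    }'
}

# Constructed, heavily shortened sample (not a complete label_encodings file).
sample_encodings() {
    cat <<'EOF'
VERSION= Constructed sample 1.0;

CLASSIFICATIONS:
name= PUBLIC; sname= P; value= 1;

SENSITIVITY LABELS:
WORDS:
name= ALPHA; compartments= 1;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:

CLEARANCES:
WORDS:
name= ALPHA; compartments= 1;
EOF
}

# Demo: print the patched sample. For a real file, write the result to a copy
# and run chk_encodings on the copy before installing it.
sample_encodings | add_il_section
```

Running the function on its own output leaves the file unchanged, so it is safe to apply more than once.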
The label daemon, labeld, always operates in the C locale.
Workaround: In locales where upper/lower case are not a direct mapping of the C locale, the classification and word names, short names, and alternate names in the label_encodings(4) file and all string labels in all databases must be in upper case only. Also, all labels must be entered in upper case only.
Execution attributes for commands/actions in profiles in NIS maps are not seen.
Workaround: Define profiles and execution attributes for actions/commands in the files (local) scope for NIS clients. Or, use NIS+ for your site's naming service.
The SMC commands smosservice and smdiskless do not work correctly.
Workaround: Set up diskless service manually. On the OS server, name and allocate the client disk partitions during the installation program.
The Rights and Serial Manager do not produce auditing records. There is a Solaris bug for this: 4357512. The Groups Manager audits modifications only. The tools to handle trusted network databases, Interface Manager and Security Families, are not audited.
Workaround: None. Do not expect to collect audit records for SMC tools.
Trusted Solaris security attributes, such as allowed=all, cannot be set or viewed on a mounted file system using the SMC Mounts tool.
Workaround: Mount file systems and view the mounts on your system by using the mount(1M) command.
When using the Trusted Solaris Management Console, Computers and Networks, Security Families tool, an entry like the following is rejected:
```
IP address: 2::45:b00:20ff:fe78
Prefix length: 127
template: tsol
```
Workaround: Do not use double colons. For example, enter the above IP address in SMC as follows:
```
IP address: 2:0:0:0:45:b00:20ff:fe78
Prefix length: 127
template: tsol
```
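The expansion used in this workaround can be scripted. The following is an added example, not part of the Trusted Solaris documentation: the hypothetical function `expand_v6` replaces a single "::" with the number of zero groups needed to reach eight groups, leaving the other groups as typed. It assumes the input is otherwise a well-formed IPv6 address without an embedded IPv4 suffix.

```shell
# Added example: rewrite an IPv6 address without the "::" shorthand so it can
# be typed into the Security Families tool in the form shown above.
# Prints the expanded address; returns non-zero if "::" appears more than
# once or if there is no room left for it to stand for at least one group.
expand_v6() {
    printf '%s\n' "$1" | awk -F'::' '
    NF > 2 { exit 1 }            # more than one "::" is not a valid address
    NF < 2 { print; exit }       # no "::" present, nothing to expand
    {
        nl = ($1 == "") ? 0 : split($1, l, ":")   # groups left of "::"
        nr = ($2 == "") ? 0 : split($2, r, ":")   # groups right of "::"
        fill = 8 - nl - nr                        # zero groups to insert
        if (fill < 1) exit 1
        out = ""
        for (i = 1; i <= nl; i++)   out = out l[i] ":"
        for (i = 1; i <= fill; i++) out = out "0:"
        for (i = 1; i <= nr; i++)   out = out r[i] ":"
        print substr(out, 1, length(out) - 1)     # drop the trailing colon
    }'
}

# Demo with the address from the rejected entry above.
expand_v6 '2::45:b00:20ff:fe78'
```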
The SMC Scheduled Jobs tool always runs at ADMIN_LOW even if the SMC client is running at a normal user label, like CONFIDENTIAL. The SMC server runs at ADMIN_LOW and does not consider the client's sensitivity label.
No error message is generated but the cron entry is stored at a label below the user's minimum label.
Workaround: To create cron jobs at labels other than ADMIN_LOW, use the crontab(1) command.
If you use two different scopes during one invocation of SMC, entries can get saved into the wrong scope.
Workaround: Do not switch back and forth between scopes when using the SMC tools. When changing scope, quit and restart the SMC client.
The TSIX network protocol does not work.
Workaround: Use the TSOL network protocol.
Read the files in SUNWrdm for information on the basic Solaris 8 environment.
Workaround: For late-breaking news, use this book, Trusted Solaris 8 Release Notes.
After a user clicks the EXIT icon on the front panel to exit, the system does not return to the login screen. Instead it just hangs with a gray screen. This bug is in base Xserver (4068021, 4378762).
Assume the admin role on another machine.
In the admin role, rlogin to the hung machine.
Find and kill the Xsun process.
```
$ ps -ef | grep Xsun
Xsun_proc_id
$ kill Xsun_proc_id
```
Drag and drop operations do not work reliably for OpenLook applications.
Workaround: Use the copy and paste keys with OpenLook applications.
If the selection manager process dies for any reason, it is automatically restarted. When it is restarted, it inherits the C locale instead of the locale it was originally started with.
Workaround: Log out and log back in.
The swmtool(1M) utility does not work in the Trusted Solaris 8 operating environment.
Workaround: Use the pkgadd(1M) utility. Or change the following line in /var/sadm/system/admin/INST_RELEASE to read Solaris:
```
# OS=Trusted Solaris
OS=Solaris
```