test

Trusted Solaris Developer's Guide

Security Attributes

By default, messages originating on a Trusted Solaris system acquire the following security attributes from the sending process:

The TSIX library lets you change the user ID, group ID, sensitivity label, process clearance, or privilege attributes before the message is sent.

The TSIX library also lets you retrieve the security attributes on an incoming message. Because a distributed network can have any combination of host types running different Trusted networking protocols, not all protocols support all security attributes. Messages coming from or going to a host type other than a Trusted Solaris host will have very few of the above security attributes.

For example, the audit ID, audit information, and supplementary group ID attributes can only be sent from and received by a host running the TSIX protocol, and when a packet originates on a Solaris host, none of the Solaris security attributes are present when the packet arrives on a Trusted Solaris host.

Note -

The TSIX library can be used in any application written for the Trusted Solaris environment. The TSIX protocol is not required to use the TSIX library.

Default security attributes are assigned to messages arriving on Trusted Solaris hosts from other host types according to settings in the network database files. Security attributes retrieved by TSIX library calls from incoming messages come out of the network database files if they did not arrive with the message. See the Trusted Solaris Administrator's document set for information on host types, their supported security attributes, and network database file defaults.

The sensitivity label of data sent over the network must be within the origination, destination, and next hop destination workstation accreditation ranges. There is no privilege to override this restriction.