The following attributes are present on objects in Solaris and Trusted Solaris file systems: User Id, Group Id, Permission Mode, and Access ACL (optional). Trusted Solaris files and directories have additional security attributes. The following table describes the extended security attributes provided in Trusted Solaris software.
Table 9-1 Trusted Solaris File and Directory Attributes

Extended Attributes | Description of Extended Trusted Solaris Attributes |
---|---|
Label | The label of the file or directory. |
Forced Privileges | Optional. The set of privileges that an executable file is guaranteed to have available at start of execution. Must be a subset of the allowed privileges. |
Allowed Privileges | Optional. The maximum set of privileges that an executable file is allowed to use during its execution. (Editing executable files causes them to lose all their privileges. Therefore, limiting the privileges that an executable can use to those in its allowed set provides a protection against Trojan Horses, since programs cannot use inheritable privileges if the programs have been edited.) Must be a superset of the forced privileges. |
File Attribute Flag | Optional. The only supported file attribute flag is |
Directory Attribute Flag | Optional. Flag indicating that a directory is an MLD |