Trusted Solaris 8 HW 7/03 Release Notes

Use Trusted Solaris Installation and Configuration (PN 816-1040-10) to configure the Trusted Solaris^TM Operating System. The differences between a Trusted Solaris Operating System and a Solaris^TM Operating System require planning and guidance during installation and configuration. Differences occur in labels, clearance confirmations, obligatory passwords, security configuration choices, name service domain setup, and secure network setup, and no superuser.

The Trusted Solaris 8 HW 7/03 release upgrades the Trusted Solaris 8 HW 12/02 release. The new release also enhances the following software with security:

• Solaris 8 HW 7/03 release

• X Windows, version 11.0

• CDE 1.4.8 (Common Desktop Environment)

• Solaris Management Console 2.0.0 administrative interface

This release includes the following patches:

• Security patches for Solaris software that affect Trusted Solaris software. See Table 1–1.

• Patches that were released to patch the Trusted Solaris 8 HW 12/02 release. See Table 1–2.

• All Solaris patches that were included in the Solaris 8 HW 7/03 release. Use the showrev -p command to list the patches that have been applied to the system.

You can safely apply many patches that are available for the standard releases of Solaris software, CDE, X Windows, or the Solaris Management Console. Trusted Solaris software is packaged to reflect differences from Solaris software packages only where such differences exist.

The sections in this document are as follows:

• Getting Help

• Supported Hardware

• Future Trusted Solaris Releases

• Solaris Bug Fixes Incorporated Into the Trusted Solaris 8 HW 7/03 Release

• Trusted Solaris 8 HW 12/02 Bugs Fixed in the Trusted Solaris 8 HW 7/03 Release

• No Changes to PAM Modules

• Changes to Auditing

• Man Page Changes and Additions to the Trusted Solaris 8 HW 7/03 Release

• Known Problems With the Software

Getting Help

The docs.sun.com^SM web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.

For additional information about the Trusted Solaris product, visit the http://www.sun.com/trustedsolaris web site.

For help from the user community in a public forum, visit the http://www.sun.com/supporttraining web site. Select Forums. After selecting Trusted Solaris Security, you can click the Register button to register for and participate in the Trusted Solaris Support Forum.

Reading About the Changes and Features in the Trusted Solaris 8 HW 7/03 Release

Read the following Trusted Solaris books and Solaris books:

Trusted Solaris books

Trusted Solaris 8 HW 7/03 Release Notes – This document. For bugs that have been fixed between the Trusted Solaris 8 HW 12/02 and Trusted Solaris 8 HW 7/03 releases.

Trusted Solaris 8 HW 7/03 Transition Guide – For changes from the Trusted Solaris 7, Trusted Solaris 8, Trusted Solaris 8 4/01, and Trusted Solaris 8 HW 12/02 releases to the Trusted Solaris 8 HW 7/03 release. Also, for differences between the Trusted Solaris releases and their Solaris counterparts.

Solaris books

“Released Patches” chapter of Solaris 8 HW 7/03 Release Notes Supplement for Sun Hardware in the Solaris 8 Collection for Sun Hardware, http://docs.sun.com/db/coll/801.1.

“Released Patches” chapter of Solaris 8 HW 5/03 Release Notes Supplement for Sun Hardware in the Solaris 8 Collection for Sun Hardware, http://docs.sun.com/db/coll/801.1.

Solaris 8 2/02 What's New – For features that the Trusted Solaris 8 HW 12/02 and Trusted Solaris 8 HW 7/03 releases inherit from the Solaris 8 release.

Solaris 8 (SPARC Platform Edition) 2/02 Release Notes – For information about the Solaris 8 release.

Solaris 8 (Intel Platform Edition) 2/02 Release Notes – For information about the Solaris 8 release.

Supported Hardware

The Trusted Solaris 8 HW 7/03 release supports the workstation, server, and peripherals hardware that are supported by the Solaris 8 HW 7/03 release. The Trusted Solaris 8 HW 7/03 release also supports the Sun Fire^TM V60x and Sun Fire V65x hardware platforms.

For the hardware that is supported by the Solaris 8 HW 7/03 release, see the following Sun hardware books:

• Solaris 8 HW 7/03 Sun Hardware Platform Guide in the Solaris 8 HW 7/03 on Sun Hardware Collection

• Solaris 8 (Intel Platform Edition) 2/02 Hardware Compatibility List

For the Sun Fire V60x and Sun Fire V65x servers, do the following steps to reach documentation that can be downloaded:

1. Go to the Sun hardware documentation web site, http://www.sun.com/products-n-solutions/hardware/docs.

2. In the left-hand column, click Servers.

3. Click Sun Fire V60x and V65x to reach the list of documentation.

Future Trusted Solaris Releases

Information in this section is provided to help assist customers and vendors with early planning for migration to future releases. This information is based on information that is presently available.

In the future, Sun might no longer supply Trusted Solaris software as a product that is based on modifying the Solaris kernel. Instead, Sun might produce the functionality as software that is designed to meet or exceed the requirements of the Common Criteria's Labeled Security Protection Profile. Sun might also include features such as the multilevel secure desktop and trusted networking. This functionality might be installed with a future release of the Solaris operating system.

Some features that might change are:

• The information labels (ILs) feature was removed in the Trusted Solaris 7 release, but programmatic storage for ILs was maintained in order to preserve compatibility. That storage might be removed in a future release.

• Support for the TSIX protocol might be dropped.

• The NIS+ naming service might be replaced by another naming service in future releases.

• The formats of configuration files might change. The file formats are described in section 4 of the Reference Manual of earlier releases. For example, the entries and the fields in the audit_user file and the tsolinfo file might change.

• The names of privileges might change. Therefore, interfaces that check for specific privileges might change correspondingly. For example, the privilege macros that are described on the priv_macros(5) man page might change.

Your experience when using future releases of Trusted Solaris software will generally be the same as your current experience. However, the underlying implementation for features such as privileges, file system attributes, and networking might change. For example, the interfaces that are documented in the Trusted Solaris Reference Manual might change.

Sun might produce a transition guide that maps the current interfaces to their new counterparts. Alternatively, Sun might recommend a way to handle removed interfaces.

The following interfaces might be removed in a future Trusted Solaris release:

• User commands

  • adornfc(1)
  • getfattrflag(1)
  • getfattrflag(1)
  • getmldadorn(1)
  • getsldname(1)
  • setfattrflag(1)
  • setfpriv(1)
  • setlabel(1)
  • tfind(1)

• System administration commands

  • getfsattr(1M)
  • getfsattr_ufs(1M)
  • newsecfs(1M)
  • runpd(1M)
  • setfsattr(1M)
  • sysh(1M)

• System calls

  • fgetcmwfsrange(2)
  • fgetcmwlabel(2)
  • fgetfattrflag(2)
  • fgetfpriv(2)
  • fgetfsattr(2)
  • fgetmldadorn(2)
  • fgetsldname(2)
  • fsetcmwlabel(2)
  • fsetfattrflag(2)
  • fsetfpriv(2)
  • getcmwfsrange(2)
  • getcmwlabel(2)
  • getcmwplabel(2)
  • getfattrflag(2)
  • getfpriv(2)
  • getfsattr(2)
  • getmldadorn(2)
  • getmsgqcmwlabel(2)
  • getsemcmwlabel(2)
  • getshmcmwlabel(2)
  • getsldname(2)
  • lgetcmwlabel(2)
  • lsetcmwlabel(2)
  • mldgetattrflag(2)
  • mldsetfattrflag(2)
  • setclearance(2)
  • setcmwlabel(2)
  • setcmwplabel(2)
  • setfattrflag(2)
  • setfpriv(2)
  • setfsattr(2)
  • tokmapper(2)
  • writel(2)
  • writevl(2)

The following interfaces might be removed or be substituted for by other interfaces:

• Trusted Solaris library routines

  • adornfc(3TSOL)
  • auditwrite(3TSOL)
  • b*(3TSOL)
  • getcsl(3TSOL)
  • getpeerinfo(3TSOL)
  • getvfsaent(3TSOL)
  • getvfsafile(3TSOL)
  • hextob(3TSOL)
  • h_free(3TSOL)
  • htobcl(3TSOL)
  • htobclear(3TSOL)
  • htobsl(3TSOL)
  • labelbuilder(3TSOL)
  • labelclipping(3TSOL)
  • libt6(3NSL)
  • mldgetcwd(3TSOL)
  • mldlstat(3TSOL)
  • mldrealpath(3TSOL)
  • mldrealpathl(3TSOL)
  • mldstat(3TSOL)
  • randomword(3TSOL)
  • sb*(3TSOL)
  • setbltype(3TSOL)
  • setcsl(3TSOL)
  • set_inheritable_priv(3TSOL)
  • str_to_priv*(3TSOL)
  • tsol_lbuild_*(3TSOL)
  • t6*(3NSL)
  • Xb*(3TSOL)
  • tsol*strattr(9F)

The following interfaces might change in name or behavior or both:

• User commands

  • pattr(1)
  • ppriv(1)
  • pprivtest(1)
  • tar(1)

• System administration commands

  • smnetidb(1M)
  • smnettmpl(1M)
  • smprofile(1M)
  • tbootparam(1M)
  • tnchkdb(1M)
  • tnctl(1M)
  • tnd(1M)
  • tninfo(1M)

• System calls

  • getclearance(2)
  • getpattr(2)
  • setpattr(2)
  • getppriv(2)

• PAM interfaces

  • pam_tp_auth(5)
  • pam_tsol(5)

Solaris Bug Fixes Incorporated Into the Trusted Solaris 8 HW 7/03 Release

The Trusted Solaris 8 HW 7/03 release includes all product patches and bug fixes that were incorporated into the Solaris 8 HW 7/03 release. Use the showrev -p command to see the list of patches that are included in the release.

Additional bug fixes that are included in the Trusted Solaris 8 HW 7/03 release are listed in the following table. Some bug fixes are for software that is part of the Trusted Solaris release, such as CDE or the Solaris Management Console.

Trusted Solaris 8 HW 12/02 Bugs Fixed in the Trusted Solaris 8 HW 7/03 Release

The following bugs that are reported in the Trusted Solaris 8 HW 12/02 Release Notes and in the Beta version of the Trusted Solaris 8 HW 7/03 Release Notes have been fixed:

• Enabling smart card removes PAM entries from pam.conf file (4827207, 4830611)

• Dynamic reconfiguration needs a profile update (4837675)

• File descriptor leakage in rpc.nisd daemon (4905191)

• ping on restricted interfaces can get response from higher label (4639031)

• syslog fails to send any messages above admin_low to remote hosts (4898790)

• telnet leak generates improper traffic (4894365)

The following table describes bugs that were found in the Trusted Solaris 8 HW 12/02 release that have been fixed in this release.

No Changes to PAM Modules

The Solaris 8 HW 7/03 release introduced several new PAM modules:

• pam_authtok_check(5)

• pam_authtok_get(5)

• pam_authtok_store(5)

• pam_dhkeys(5)

• pam_passwd_auth(5)

• pam_unix_account(5)

• pam_unix_auth(5)

• pam_unix_session(5)

In the Solaris 8 HW 7/03 release, these modules replace the pam_unix(5) module. However, the Trusted Solaris 8 HW 7/03 release does not support these new modules. Instead, this release maintains documented use of the pam_unix(5) module as the required configuration.

Changes to Auditing

The Solaris 8 HW 7/03 release introduced changes to the audit_class file and to the audit_event file. The Trusted Solaris 8 HW 7/03 release includes those changes. Backward compatibility with a site's existing user configuration is maintained. In addition, audit trails from previous Trusted Solaris releases can still be processed.

The audit_class file has changed in the following ways:

• Some classes have been assigned to a new mask value.

• Some administrative classes have been changed.

• Some administrative classes have been added.

• The obsolete fn and io classes have been removed.

The audit_event file has changed in the following ways:

• Some events have been assigned to a new class. The new assignments correspond to the audit_class changes that are described in the preceding list.

• Several obsolete events have been changed to the no class.

For details of the changes, see the audit_class file and the audit_event file on your system.

Man Page Changes and Additions to the Trusted Solaris 8 HW 7/03 Release

The Trusted Solaris 8 HW 7/03 release incorporates the man page additions and man page modifications from the Solaris 8 HW 7/03 release. These changes include the following man pages:

• Man pages from the SUNWman patches in the Solaris 8 HW 7/03 release

  • SUNWman patch 108808-43 for SPARC platforms

  • SUNWman patch 108809-43 for x86 platforms

• Man pages that describe new or updated hardware information, and are not part of a patch

All Trusted Solaris man pages, including the new and updated man pages, are available in Trusted Solaris 8 HW 7/03 software by using the man command.

The following new and updated man pages contain Trusted Solaris changes. The latest versions are available only from the man command in the Trusted Solaris 8 HW 7/03 release.

• crontab(1)

• update_drv(1M)

• exec(2)

• pam_unix(5)

The following new man pages do not include Trusted Solaris changes. These man pages are available from two locations:

• From the man command in the Trusted Solaris release

• From the Solaris 9 Reference Manual Collection on the docs.sun.com web site

• SUNWzulu_config(1M)
• idsconfig(1M)
• ldapaddent(1M)
• raidctl(1M)
• zuludaemon(1M)
• bind_textdomain_codeset(3C)
• dcngettext(3C)
• dngettext(3C)
• ngettext(3C)
• libsmartcard(3LIB)
• SCF_*(3SMARTCARD) man pages
• alias(4)
• pam_authtok_check(5)
• pam_authtok_get(5)
• pam_authtok_store(5)
• pam_dhkeys(5)
• pam_passwd_auth(5)
• pam_unix_account(5)
• pam_unix_auth(5)
• pam_unix_session(5)
• av1394(7D)
• ehci(7D)
• grbeep(7D)
• mpt(7D)
• ugen(7D)
• usb_sd(7D)
• usbser_edge(7D)
• zulu(7D)
• usb_ah(7M)

The following updated man pages do not include Trusted Solaris changes. These man pages are available from two locations:

• From the man command in the Trusted Solaris release

• From the Solaris 9 Reference Manual Collection on the docs.sun.com web site

• rmformat(1)
• ed(1)
• env(1)
• gettext(1)
• ksh(1)
• ldap(1)
• ldaplist(1)
• msgfmt(1)
• nice(1)
• rmformat(1)
• sh(1)
• ldap_cachemgr(1M)
• ldapclient(1M)
• gettext(3C)
• iconv_open(3C)
• popen(3C)
• system(3C)
• libpam(3LIB)
• pam.conf(4)
• pam_ldap(5)
• audiots(7D)
• hid(7D)
• hubd(7D)
• ohci(7D)
• scsa2usb(7D)
• st(7D)
• usb_ac(7D)
• usb_as(7D)
• usb_mid(7D)
• usba(7D)
• usbprn(7D)
• mtio(7I)
• usbkbm(7M)
• usbms(7M)
• if_tcp(7P)
• scsi_hba_attach_setup(9F)

Known Problems With the Software

This section identifies known problems in the Trusted Solaris 8 HW 7/03 software, describes the problems, and suggests solutions. These bugs might or might not be fixed in a future release.

x86: Installation Difference Between the Trusted Solaris 8 4/01 Release and the Trusted Solaris 8 HW 7/03 Release

Trusted Solaris Installation and Configuration instructs the customer to remove the boot diskette.

Workaround: When the installation program informs you to remove the boot diskette, do so. The CD-ROM is still inserted. During the BIOS/system self-tests, you can remove the CD.

If you have installed the software from a CD-ROM, leave the CD-ROM in the drive. If you are doing an upgrade install, the system does not automatically reboot after the installation of the first CD.

• On most systems, if you fail to remove the CD during the self-tests, the device configuration screen appears. You can then navigate the menus in the Device Configuration Assistant (DCA) and select the hard drive to boot from. You then remove the CD when the installation program prompts you to do so.

• If you are installing a Sun Fire V60x or a Sun Fire V65x system, you must remove the CD during the BIOS/system self-tests. You are not prompted to remove the CD. You then boot directly from the disk.

x86: Sun Fire V60x and V65x and the DCA Diskette (4920740)

Neither the Device Configuration Assistant (DCA) diskette nor the CD-ROM can boot a Sun Fire V60x or a Sun Fire V65x system. For installation issues, see the preceding section.

Workaround: If your hard drive becomes corrupted or is overwritten, use the Solaris 9 8/03 DCA diskette. This diskette supports the Sun Fire V60x and V65x platforms. If you do not have a DCA diskette for the Solaris 9 8/03 release, download the software from the Sun web site. Follow these steps:

1. Go to the Sun BigAdmin^SM web site at http://www.sun.com/bigadmin.

2. Select HCL from the left-hand column.

3. Select Solaris x86 Device Configuration Assistant 1.1. Then, follow the directions to download the DCA software to a diskette.

4. Use the DCA diskette to boot the Sun Fire V60x and Sun Fire V65x systems.

Client Cannot Contact Trusted Solaris Net Install Server (4907769)

A network install server that is running the Trusted Solaris operating system is unable to communicate with Trusted Solaris clients that the install server has installed until the server is rebooted.

Workaround: If the client will need to be in contact with the network install server, reboot the server. If there are multiple clients to install, reboot the server after the client installations are complete.

Alternatively, you can install Trusted Solaris clients from a network install server that is running the Solaris operating system.

ftp Through CIPSO Router Does Not Work (4797140)

When an unlabeled machine sends a full packet, an intervening labeled gateway adds the CIPSO header. The addition of the CIPSO header makes the packet larger than 1500 bytes, and therefore the packet is dropped due to size.

Workaround: By setting the MTU on the system to be smaller, the problem is solved. Then, when the CIPSO label is added, the packet is still a legal size.

xterm Windows Terminate When Cutting and Pasting With xinerama (4895240)

Cutting and pasting between xterm windows when using xinerama causes the following problems:

• The xterm application that the data is copied from terminates. Termination happens at the instant that the data is pasted.

• Running the mozilla application results in a BadWindow error, with mozilla failing to run.

• The title bar and label bar of exposed windows is not properly redrawn.

Workaround: None.

Languages CD Is Not Supported

This release supports only the C locale (U.S. English). Thus, no Languages CD is provided.

Communication Between TSIX Host Types With IPsec AH Is Broken (4471447)

Network packets that use the TSIX protocol are not processed correctly when AH headers are present.

Workaround: None.

IKE Does Not Work With the TSOL Host Type (4548783)

Network packets that are labeled with the TSOL protocol are not processed correctly by IKE in the SunScreen^TM 3.2 product. The SunScreen product is co-packaged with this release. The SunScreen log messages show IKE_INVALID_COOKIE.

The SunScreen software properly processes TSOL-labeled network traffic that is in clear text. The SunScreen IKE software also behaves correctly in the Trusted Solaris operating environment to protect traffic between unlabeled network connections.

Workaround: None.

nisaddent Causes a SIGSEGV Error When Adding to tnrhdb (4491941)

A SIGSEGV error is produced when using the nisaddent -avf command to add an incorrectly formatted file to the tnrhdb NIS+ map. The incorrectly formatted file produces a core dump.

Workaround: The nisaddent command works correctly with a valid input file. To ensure that the input file has fields separated by colons and not by spaces, use niscat -s : when dumping an NIS+ table that will be used later as input to NIS+.

File System Label Ranges Are Not Enforced for Unlabeled NFS File Systems (4150441)

This bug occurs in a very unusual situation. The administrator must have consciously configured an NFS remote host to be at one label, and the label range to be another label.

Workaround: To prevent the creation of files at the default label for the server, mount the file system as “read-only”. Existing files are unaffected, but the read-only mount option prevents the creation of files at a label outside the label range.

Graphical Window Manager Controls Do Not Work (4462771)

The new utilities sdtgwm, sdtwsm, and sdtwinlst and their corresponding actions in the Desktop_Apps folder generate errors, such as Warning: Query Module Not Running.

Workaround: None. These tools are inappropriate for users in the Trusted Solaris environment. Thus, the tools are not supported.

niscat Command Hangs and Spawns Multiple nisd Processes on an NIS+ Server (4430740)

The bug is known to occur when the Solaris Management Console is running on an NIS+ client or master and has loaded its toolbox from an NIS+ replica. Next, the replica is shut down and the Solaris Management Console is used to update any NIS+ maps. Since the machine from which the Solaris Management Console loaded its toolbox is down, the Solaris Management Console client has no way to communicate with the Solaris Management Console server, which is the machine from which the toolbox has been loaded.

Workaround: Do not use the Solaris Management Console to update NIS+ databases when an NIS+ replica is down. Use the standard NIS+ command-line interface instead.

Trusted Solaris Label Encodings File Requires Coding for ILs (4329208)

Although Trusted Solaris 8 software does not support information labels (ILs), the chk_encodings command fails with the following error if the label_encodings file omits information about ILs.

# chk_encodings label_encodings
   Label encodings conversion error at line 37:
      Can't find INFORMATION LABELS specification.
      Found instead: "SENSITIVITY LABELS:".
   label_encodings: label encodings syntax check failed.

Workaround: Copy a valid SENSITIVITY LABELS: section in your label_encodings file, and rename the section to INFORMATION LABELS:, as in:

INFORMATION LABELS: 
...
WORDS: 
...
REQUIRED COMBINATIONS: 
...
COMBINATION CONSTRAINTS:
...

See the label_encodings(4) man page for more information.

smosservice Command Fails to Create OS Server (4378498)

The Solaris Management Console commands smosservice and smdiskless do not work correctly.

Workaround: Set up diskless service manually. On the OS server, name and allocate the client disk partitions during the installation process.

Drag-and-Drop Operations Do Not Work for OPEN LOOK Applications (4095021)

Drag-and-drop operations do not work reliably for OPEN LOOK applications.

Workaround: Use the copy and paste keys with OPEN LOOK applications.

Nonexistent Location ID: FileManagerLabelsHelp (4477399)

This bug is seen when you perform the following steps:

1. Insert diskette.

   floppy_0 is allocated by Device Allocation Manager.

2. From File Manager, click the File menu and select Removable Media Manager.

3. Select the diskette icon. Click mouse button 3 to open the Labels menu item.

4. In Removable Media Manager - File Labels (the Trusted Solaris Label Builder), click the Help button at bottom right of the dialog box.

Workaround: Perform the following steps:

1. Click mouse button 3 on the Front Panel and select Help from the menu. The Workspace Manager – Help window appears.

2. In the Workspace Manager – Help window, scroll down in the top pane to Trusted Solaris Applications and select that text.

3. In the bottom pane, click Create Labels.

Solaris Management Console Mounts and Shares Tools Do Not Set or Modify Trusted Solaris Attributes (4496897)

The Solaris Management Console Mounts tool and Solaris Management Console Shares tool do not manipulate Trusted Solaris attributes.

Workaround: Use the Set Mount Points action and the Share Filesystems action to handle Trusted Solaris attributes. You can also use the Admin Editor on the /etc/vfstab file and the /etc/dfs/dfstab file.