Use Trusted Solaris Installation and Configuration (PN 816-1040-10) to configure the Trusted SolarisTM Operating System. The differences between a Trusted Solaris Operating System and a SolarisTM Operating System require planning and guidance during installation and configuration. Differences occur in labels, clearance confirmations, obligatory passwords, security configuration choices, name service domain setup, secure network setup, and no superuser.
The Trusted Solaris 8 2/04 release upgrades the Trusted Solaris 8 HW 7/03 release to use UltraSPARC® IV processors. The new release also enhances the following software with security:
Solaris 8 2/04 release
X Windows, version 11.0
CDE 1.4.8 (Common Desktop Environment)
Solaris Management Console 2.0.0 administrative interface
This release includes the following fixes:
Bug fixes for Solaris software that affect Trusted Solaris software. See Table 1–1.
Patches that were released to patch earlier Trusted Solaris releases, and bug fixes. See Table 1–2.
All Solaris patches that were included in the Solaris 8 2/04 release. Use the showrev -p command to list the patches that have been applied to the system.
You can safely apply some patches that are available for the standard releases of Solaris software, CDE, X Windows, or the Solaris Management Console. Trusted Solaris software is packaged to reflect differences from Solaris software packages only where such differences exist.
The sections in this document are as follows:
Solaris Bug Fixes Incorporated Into the Trusted Solaris 8 2/04 Release
Trusted Solaris Bugs Fixed in the Trusted Solaris 8 2/04 Release
Man Page Changes or Additions in the Trusted Solaris 8 2/04 Release
The docs.sun.comSM web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
For additional information about the Trusted Solaris product, visit the http://www.sun.com/trustedsolaris web site.
For help from the user community in a public forum, visit the http://www.sun.com/supporttraining web site. Select Forums. After selecting Trusted Solaris Security, you can click the Register button to register for and participate in the Trusted Solaris Support Forum.
The following books contain information about this release:
For bugs that have been fixed between the Trusted Solaris 8 HW 12/02 and Trusted Solaris 8 HW 7/03 releases, and for changes from the Trusted Solaris 8 HW 7/03 release to this release. Also contains a list of interfaces that might be changed in future releases.
For features that the Trusted Solaris 8 2/04 release inherits from the Solaris 8 2/04 release. Features can include hardware information.
For late-breaking news about the Solaris 8 2/04 release and hardware information.
For features that have been added since the Solaris 8 HW 7/03 release.
See the Solaris 8 2/04 Update Collection, http://docs.sun.com/db/coll/834.4.
The Trusted Solaris 8 2/04 release supports the workstation, server, and peripherals hardware that are supported by the Solaris 8 2/04 release. The Trusted Solaris 8 HW 7/03 and Trusted Solaris 8 2/04 releases also support the Sun FireTM V60x and Sun Fire V65x hardware platforms.
For the hardware that is supported by the Solaris 8 2/04 release, see Reading About the Changes and Features in This Release.
For the Sun Fire V60x and Sun Fire V65x servers, do the following steps to reach documentation that can be downloaded:
Go to the Sun hardware documentation web site, http://www.sun.com/products-n-solutions/hardware/docs.
In the left-hand column, click Servers.
Click Sun Fire V60x and V65x to reach the list of documentation.
Information in this section is provided to help assist customers and vendors with early planning for migration to future releases. This information is based on information that is presently available.
In the future, Sun might no longer supply Trusted Solaris software as a product that is based on modifying the Solaris kernel. Instead, Sun might produce the functionality as software that is designed to meet or exceed the requirements of the Common Criteria's Labeled Security Protection Profile. Sun might also include features such as the multilevel secure desktop and trusted networking. This functionality might be installed with a future release of the Solaris operating system.
Some features that might change are:
The name of the product might change.
The information labels (ILs) feature was removed in the Trusted Solaris 7 release, but programmatic storage for ILs was maintained in order to preserve compatibility. That storage might be removed in a future release.
Support for the TSIX protocol might be dropped.
The NIS+ naming service might be replaced by another naming service in future releases.
The formats of configuration files might change. The file formats are described in section 4 of the Reference Manual of earlier releases. For example, the entries and the fields in the exec_attr file and the user_attr file might change.
The names of privileges might change. Therefore, interfaces that check for specific privileges might change correspondingly. For example, the privilege macros that are described on the priv_macros(5) man page might change.
Your experience when using future releases of Trusted Solaris software will generally be the same as your current experience. However, the underlying implementation for features such as privileges, file system attributes, and networking might change. For example, the interfaces that are documented in the Trusted Solaris Reference Manual might change.
For information about specific interfaces that might change in a future Trusted Solaris release, see Appendix A, Possible Interface Changes in a Future Trusted Solaris Release.
The Trusted Solaris 8 2/04 release includes all product patches and bug fixes that were incorporated into the Solaris 8 2/04 release. This release also includes some of the patches for the Solaris 8 2/04 release. To see the list of patches, use the showrev -p command.
Additional bug fixes that are included in the Trusted Solaris 8 2/04 release are listed in the following table. Some bug fixes are for software that is part of the Trusted Solaris release, such as CDE or the Solaris Management Console.
Table 1–1 Solaris Bug Fixes Incorporated Into the Trusted Solaris 8 2/04 Release
Solaris Bug Number |
Synopsis |
---|---|
None |
Upgrade BIND to version 8.2.4 |
2126367 6248413 |
Need to support pam_passwd_auth.so.1. passwd asks wrong password for root if running NIS+. |
4353832 |
fsck gives up too easily. |
4392163 |
Some ftp clients expose in.ftpd EPRT bug. |
4471907 |
libresolv() does not init in an IPv6-only environment. |
4500613 |
Remove res_npquery() function prototype. |
4509659 |
ufs: dnlc contains many “.” entries. |
4617431 |
Mozilla dumps core when using libresolv2. |
4671383 |
ufs create/mkdir/edquota deadlock |
4705157 |
in.rwhod is too trusting of input format. |
4705393 |
newgrp is vulnerable to buffer overflow. |
4723351 |
ufs: file link count is 0. |
4765506 |
NIS+ has problems when password is longer than 8 characters. |
4786448 6182042 |
/usr/dt/bin/dtaction segfaults |
4789213 |
stat() succeeds on dir/. even when dir is mode 000. |
4803148 |
ufs has issues reading its own directories. |
4805635 |
root can change end user password in NIS+ without entering its own password. |
4830406 |
passwd utility does not handle NIS+ subdomains correctly. |
4863307 |
nsupdate fails with more than 14 NS records for Bind 8.2.2 and 8.2.4 |
4873939 |
PAM and compat do not work after applying patch 108993-18. |
4879704 |
ndc cannot switch off tracing with notrace when in.named is under heavy load. |
4879822 |
in.named core dumps, Solaris 8, Bind v. 8.2.2-P5 |
4887906 |
pam_sm_chauthtok() returns 13 (PAM_USER_UNKNOWN) if lastchg=0 for local users. |
4889619 |
Unreferenced files seen by fsck on a cleanly unmounted filesystem. |
4913437 |
Changing password in NIS+ fails on clients with “Permission denied”. |
4917860 6182042 |
DtSvc:potential buffer overflow hole. |
4933407 |
Resolvers do not follow referrals (SUNW_CHAINING fix). |
4941011 |
nslookup view command fails with sed: command garbled. |
4954379 |
Sendmail contains buffer overflow in ruleset parsing. |
4977110 |
passwd does not work with compat entries in /etc/nsswitch.conf. |
4981868 |
passwd with NIS+ back end chooses wrong uid/credentials for update |
5007891 |
Solaris 8 passwd command may SEGV on NIS+ master servers. |
5014993 |
User logins may fail when nsswitch compat mode is used with NIS+ or LDAP |
5044522 |
Root is able to change user password if number of attempts is greater than max_attempts in NIS+. |
5055875 |
Buffer overflow in auth_to_local rules. |
5092678 6182042 |
libDtSvc contains a buffer overflow when dealing with DTDATABASESEARCHPATH |
5108531 |
Multiple PASV allow multiple port bound causes running out of ports. |
5086486 5098146 |
Buffer overflows in Xpm code in libXm (CESA-2004-003 / CAN-2004-0687). |
5086488 5098146 |
Integer overflows in Xpm code in libXm (CESA-2004-003 / CAN-2004-0688). |
6234932 |
telnet.c buffer overflow. |
The following table describes bugs from earlier Trusted Solaris releases that are fixed in this release. This section includes a description of how to use a new feature on the CDE menu.
Table 1–2 Trusted Solaris Bugs That Have Been Fixed in the Trusted Solaris 8 2/04 Release
Trusted Solaris Bug Number |
Trusted Solaris Patch ID, If Any |
Synopsis |
---|---|---|
4934078, 5045660 |
117490-03 117491-03 117979-01 117980-01 117826-01 117827-01 |
Users should not trigger NFS network traffic for file systems that they cannot access. |
4956889 |
119038-01 119039-01 |
Workspace menu should recognize available applications. To use this feature, see To Customize Workspace Menu. |
4965212 |
117490-01 |
Order of checking in tnrh_credchk() complicates privilege debugging. |
4920740 |
Device Configuration Assistant (DCA) diskette and CD-ROM cannot boot Sun Fire V60x or Sun Fire V65x |
|
5016234 5018531 5028607 |
116934-02 116935-02 |
Replicated automount servers do not work if one is up but not sharing. |
5020313 |
118006-01 118007-01 |
Multiple logins as the same user in a failover group in Sun Ray 2.0. |
5032544 |
118055-01 118056-01 |
Enabling tcp_strict_syn_policy breaks printing. |
5038488 |
117581-01 117581-05 |
SunRay patch 114880-04 breaks USB devices and audio on Trusted Solaris software. |
5040043 |
118383-01 118384-01 |
Trying to connect to local Xserver at dtlogin results in hang. |
5044793 |
118066-01 118067-01 |
Trusted Solaris 8 can deadlock in the network stack. |
5056435 |
116934-02 116935-02 |
Coding error in automountd complicates configuration debugging. |
5065635 5074088 |
118015-01 118016-01 |
utgroupsig feature does not work in Trusted Solaris software. |
5074119 |
117579-05 117580-04 |
Backport security fix 4947668 for Solaris Management Console to Trusted Solaris software. |
5077438 |
118272-01 118273-01 |
Solaris linker bug |
5069902 6191815 |
Upgrade Apache to 1.3.31 + fix for Sun Alert 57628 |
|
6182112 |
118800-01 118801-01 |
dtmail contains a buffer overflow in the command line interface. |
6212255 |
119094-01 119095-01 |
Trusted Solaris 8 HW 7/03 audit_class file uses same masks. |
6215421 |
118741-02 118742-02 |
Fix for 5061043 (included in 6191815) breaks Trusted Solaris setprof. |
5026455 5033132 5038488 5066620 |
117581-03 |
Detaching a Sun Ray NSCM session kills the session. |
5032544 |
118055-01 118056-01 |
Enabling tcp_strict_syn_policy breaks printing. |
5044793 |
118066-01 118067-01 |
IP: Trusted Solaris 8 can deadlock in the network stack. |
5075722 |
Trusted Solaris 8 HW 7/03 upgrade install modifies pam.conf with wrong modules |
|
6224841 |
Panic in tsol2tnet called from tsol_labelit. |
|
6236207 |
Trusted Solaris 8 HW 7/03 dtgreet not exiting properly when exiting remote host |
|
119696-01 119697-01 |
CDE library patch |
|
119698-01 119699-01 |
PAM patch |
The fix for bug 4956889 adds a new feature to the Workspace Menu. The feature enables a user to add applications to the Workspace Menu.
Procedure: Follow these steps to customize and update the workspace menu.
Choose the applications that you want by clicking the Customize Menu ... item in the Workspace Menu.
A File Manager appears with the selections that are available at that label for the Workspace Menu.
Make your choices for this workspace at this label.
Confirm your choices by clicking the File menu > Update Workspace Menu.
Restart the window manager by clicking Windows > Restart Workspace Menu from the Workspace Menu.
After the window manager restarts, the new selection displays in the Workspace Menu.
All Trusted Solaris man pages, including any new or updated man pages, are available in Trusted Solaris 8 2/04 software by using the man command.
This section identifies known problems in the Trusted Solaris 8 2/04 software, describes the problems, and suggests solutions. These bugs might or might not be fixed in a future release.
On both SPARC® and x86 platforms, communication is broken between hosts with tsol and tsol_cipso labels. The ping and rup commands work between the hosts. The commands telnet, rsh, and ftp do not work for local users within the range CONFIDENTIAL to TOP_SECRET. The commands telnet, rsh, and ftp work for ADMIN_LOW, UNCLASSIFIED and ADMIN_HIGH labels. The problem is consistent on V490, V890, SB1000, and V440R platforms, but is not observed on SB1500 and some x86 servers.
Workaround: None.
When patch 16336-07 or patch 119038-01 is installed, the Front and Open keys on the Sun keyboard fail to work once a role has been assumed.
Workaround: Do not use the Front or Open key.
On a Trusted Solaris 8 HW 12/02 system, do not install patch 116336-07. On a Trusted Solaris 8 HW 7/03 system, do not install patch 119038-01.
Trusted Solaris Installation and Configuration instructs the customer to remove the boot diskette.
Workaround: When the installation program informs you to remove the boot diskette, do so. The CD-ROM is still inserted. During the BIOS/system self-tests, you can remove the CD.
If you have installed the software from a CD-ROM, leave the CD-ROM in the drive. If you are doing an upgrade install, the system does not automatically reboot after the installation of the first CD.
On most systems, if you fail to remove the CD during the self-tests, the device configuration screen appears. You can then navigate the menus in the Device Configuration Assistant (DCA) and select the hard drive to boot from. You then remove the CD when the installation program prompts you to do so.
If you are installing a Sun Fire V60x or a Sun Fire V65x system, you must remove the CD during the BIOS/system self-tests. You are not prompted to remove the CD. You then boot directly from the disk.
A network install server that is running the Trusted Solaris operating system is unable to communicate with Trusted Solaris clients that the install server has installed until the server is rebooted.
Workaround: If the client will need to be in contact with the network install server, reboot the server. If there are multiple clients to install, reboot the server after the client installations are complete.
Alternatively, you can install Trusted Solaris clients from a network install server that is running the Solaris operating system.
A black line appears at the bottom of a small number of Solaris Management Console dialog boxes. The line obscures some buttons.
Workaround:
Resize the dialog box to see the buttons.
Install the Java fix (version 1.2.2_17b or higher) for this bug when the fix is available.
When an unlabeled machine sends a full packet, an intervening labeled gateway adds the CIPSO header. The addition of the CIPSO header makes the packet larger than 1500 bytes, and therefore the packet is dropped due to size.
Workaround: By setting the MTU on the system to be smaller, the problem is solved. Then, when the CIPSO label is added, the packet is still a legal size.
Cutting and pasting between xterm windows when using xinerama causes the following problems:
The xterm application that the data is copied from terminates. Termination happens at the instant that the data is pasted.
Running the mozilla application results in a BadWindow error, with mozilla failing to run.
The title bar and label bar of exposed windows is not properly redrawn.
Workaround: None.
This release supports only the C locale (U.S. English). Thus, no Languages CD is provided.
Network packets that use the TSIX protocol are not processed correctly when AH headers are present.
Workaround: None.
Network packets that are labeled with the TSOL protocol are not processed correctly by IKE in the SunScreenTM 3.2 product. The SunScreen product is co-packaged with this release. The SunScreen log messages show IKE_INVALID_COOKIE.
The SunScreen software properly processes TSOL-labeled network traffic that is in clear text. The SunScreen IKE software also behaves correctly in the Trusted Solaris operating environment to protect traffic between unlabeled network connections.
Workaround: None.
A SIGSEGV error is produced when using the nisaddent -avf command to add an incorrectly formatted file to the tnrhdb NIS+ map. The incorrectly formatted file produces a core dump.
Workaround: The nisaddent command works correctly with a valid input file. To ensure that the input file has fields separated by colons and not by spaces, use niscat -s : when dumping an NIS+ table that will be used later as input to NIS+.
This bug occurs in a very unusual situation. The administrator must have consciously configured an NFS remote host to be at one label, and the label range to be another label.
Workaround: To prevent the creation of files at the default label for the server, mount the file system as “read-only”. Existing files are unaffected, but the read-only mount option prevents the creation of files at a label outside the label range.
The new utilities sdtgwm, sdtwsm, and sdtwinlst and their corresponding actions in the Desktop_Apps folder generate errors, such as Warning: Query Module Not Running.
Workaround: None. These tools are inappropriate for users in the Trusted Solaris environment. Thus, the tools are not supported.
The bug is known to occur when the Solaris Management Console is running on an NIS+ client or master and has loaded its toolbox from an NIS+ replica. Next, the replica is shut down and the Solaris Management Console is used to update any NIS+ maps. Since the machine from which the Solaris Management Console loaded its toolbox is down, the Solaris Management Console client has no way to communicate with the Solaris Management Console server, which is the machine from which the toolbox has been loaded.
Workaround: Do not use the Solaris Management Console to update NIS+ databases when an NIS+ replica is down. Use the standard NIS+ command-line interface instead.
Although Trusted Solaris 8 software does not support information labels (ILs), the chk_encodings command fails with the following error if the label_encodings file omits information about ILs.
# chk_encodings label_encodings Label encodings conversion error at line 37: Can't find INFORMATION LABELS specification. Found instead: "SENSITIVITY LABELS:". label_encodings: label encodings syntax check failed. |
Workaround: Copy a valid SENSITIVITY LABELS: section in your label_encodings file, and rename the section to INFORMATION LABELS:, as in:
INFORMATION LABELS: ... WORDS: ... REQUIRED COMBINATIONS: ... COMBINATION CONSTRAINTS: ... |
See the label_encodings(4) man page for more information.
The Solaris Management Console commands smosservice and smdiskless do not work correctly.
Workaround: Set up diskless service manually. On the OS server, name and allocate the client disk partitions during the installation process.
Drag-and-drop operations do not work reliably for OPEN LOOK applications.
Workaround: Use the copy and paste keys with OPEN LOOK applications.
This bug is seen when you perform the following steps:
Insert diskette.
floppy_0 is allocated by Device Allocation Manager.
From File Manager, click the File menu and select Removable Media Manager.
Select the diskette icon. Click mouse button 3 to open the Labels menu item.
In Removable Media Manager - File Labels (the Trusted Solaris Label Builder), click the Help button at bottom right of the dialog box.
Workaround: Perform the following steps:
Click mouse button 3 on the Front Panel and select Help from the menu. The Workspace Manager – Help window appears.
In the Workspace Manager – Help window, scroll down in the top pane to Trusted Solaris Applications and select that text.
In the bottom pane, click Create Labels.
The Solaris Management Console Mounts tool and Solaris Management Console Shares tool do not manipulate Trusted Solaris attributes.
Workaround: Use the Set Mount Points action and the Share Filesystems action to handle Trusted Solaris attributes. You can also use the Admin Editor on the /etc/vfstab file and the /etc/dfs/dfstab file.