Solaris 10 What's New

Process Rights Management

This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.

In the Solaris software, administrative tasks that previously required superuser rights are now protected by process rights management. Process rights management uses privileges to restrict processes at the command, user, role, or system level. A privilege is a discrete right that a process requires to perform an operation. The system restricts processes to only those privileges that are required to perform the current task. Therefore, fewer root processes are vulnerable to exploitation. The number of setuid programs has been greatly reduced.

As installed, the Software Express releases and the Solaris 10 3/05 release are completely compatible with previous releases of the Solaris Operating System in terms of the privileges enhancements. Unmodified programs that run as root run with all privileges.

Device Protection – Devices are protected with a security policy. The policy is enforced with privileges. Therefore, the permissions on a device file do not fully determine the device's availability. Privileges might also be required to operate the device.

System interfaces that were protected by UNIX permissions are now protected by privileges. For example, members of the group sys are no longer automatically allowed to open the /dev/ip device. Processes that are running with the net_rawaccess privilege can access the /dev/ip device. When the system boots, access to all devices is restricted until the devfsadm command runs during the boot sequence. The initial policy is as strict as possible. The policy prevents all users except the superuser from initiating connections.

See the following man pages for more information:

Processes that need to retrieve Solaris IP MIB information should open /dev/arp and push the “tcp” and “udp” modules. No privileges are required. This method is equivalent to opening /dev/ip and pushing the “arp”, “tcp” and “udp” modules. Because opening /dev/ip now requires a privilege, the /dev/arp method is preferred.

For further information, see the following sections in the System Administration Guide: Security Services: