Trusted Extensions uses the same security mechanisms as the Solaris OS. The mechanisms include the following:
Authorizations – Users of a program can be required to have a particular authorization. For information about authorizations, see Solaris RBAC Elements and Basic Concepts in System Administration Guide: Security Services. Also, see the auth_attr(4) and getauthattr(3SECDB) man pages.
Privileges – Programs and processes can be assigned privileges. For information about privileges, see Chapter 8, Using Roles and Privileges (Overview), in System Administration Guide: Security Services. Also, see the privileges(5) man page.
The ppriv command provides a debugging utility. For details, see the ppriv(1) man page. For instructions on using this utility with programs that work in non-global zones, see Using the ppriv Utility in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.
Rights profiles – Rights profiles collect security attributes in one place for assignment to users or roles. For information about rights profiles, see RBAC Rights Profiles in System Administration Guide: Security Services. Trusted Extensions adds CDE actions to the types of executables that can be assigned security attributes.
Trusted libraries – Dynamically shared libraries that are used by setuid, setgid, and privileged programs can be loaded only from trusted directories. As in the Solaris OS, the crle command is used to add a privileged program's shared library directories to the list of trusted directories. For details, see the crle(1) man page.
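The following is an added example, not part of the original guide: a pre-check to run before adding a directory to the trusted list with crle, since anything in that directory can be loaded by setuid, setgid, and privileged programs. The function names `vet_trusted_dir` and `trusted_dir_cmd` and the acceptance policy (absolute path, real directory, not group- or world-writable) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: vet a directory before trusting it for secure objects.
# Function names and the acceptance policy are illustrative assumptions.

# Return 0 if DIR is acceptable as a trusted library directory.
vet_trusted_dir() {
    dir=$1
    case $dir in
        /*) ;;   # only absolute paths are accepted
        *)  echo "reject: $dir is not an absolute path" >&2; return 1 ;;
    esac
    if [ -h "$dir" ]; then
        # A symbolic link can be repointed after the review.
        echo "reject: $dir is a symbolic link" >&2; return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "reject: $dir is not a directory" >&2; return 1
    fi
    # POSIX find: -perm -MODE matches when every bit in MODE is set.
    # -prune limits the check to the directory itself.
    if [ -n "$(find "$dir" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "reject: $dir is group- or world-writable" >&2; return 1
    fi
    return 0
}

# Print (do not run) the crle command for a vetted directory.
# crle(1): -s names a trusted directory for secure objects,
#          -u updates the existing configuration instead of replacing it.
trusted_dir_cmd() {
    vet_trusted_dir "$1" || return 1
    printf 'crle -u -s %s\n' "$1"
}

# Stand-alone use: sh vet.sh /opt/app/lib   (the path here is a placeholder)
if [ $# -gt 0 ]; then
    trusted_dir_cmd "$1"
fi
```

The command is printed for review and is not executed. Run `crle` with no arguments afterwards to display the resulting configuration.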