Trusted Processes in the Window System
In Solaris Trusted Extensions (CDE), the following window system processes are trusted:
The window system's trusted processes are available to everyone, but access to
administrative actions is restricted to roles in the global zone.
In the File Manager, if an action is not in one of the
account's profiles, the icon for the action is not visible. In the
Workspace Menu, if an action is not in one of the account's
profiles, the action is visible, but an error displays if the action
In Trusted CDE, the window manager, dtwm, calls the Xtsolusersession script. This
script works with the window manager to invoke actions that are started from
the window system. The Xtsolusersession script checks the account's rights profiles when
the account attempts to launch an action. In either case, if the
action is in an assigned rights profile, the action is run with the
security attributes that are specified in the profile.
Adding Trusted CDE Actions
The process of creating and using CDE actions in Trusted Extensions is
similar to the process in the Oracle Solaris OS. Adding actions is
described in the Chapter 4, Adding and Administering Applications, in Solaris Common Desktop Environment: Advanced User’s and System Administrator’s Guide.
As in the Oracle Solaris OS, the use of actions can be
controlled by the rights profile mechanism. In Trusted Extensions, several actions have
been assigned security attributes in the rights profiles of administrative roles. The
security administrator can also use the Rights tool to assign security attributes to
The following table summarizes the main differences between an Oracle Solaris system
and a Trusted Extensions system when you create and use actions.
Table 19-1 Constraints on CDE Actions in Trusted Extensions
New actions can be created by anyone within the originator's
A new action is automatically usable by its creator.
An action is
usable only if the action is in a rights profile that is
assigned to the user. The search path for actions differs. Actions in
a user's home directory are processed last instead of first. Therefore, no
one can customize existing actions.
Users can create a new action in their
home directory, but the action might not be usable.
Users with the All
profile can use an action that they create. Otherwise, the security administrator
must add the name of the new action to one of the
account's rights profiles.
To start the action, the user uses the File Manager.
The system administrator can place actions in public directories.
Actions can be dragged
and dropped to the Front Panel.
The Front Panel is part of the
trusted path. The window manager recognizes only the administratively added actions that
are located in the /usr/dt and /etc/dt subdirectories. Even with the All
profile, a user cannot drag a new action to the Front Panel. Actions
from a user's home directory are not recognized by the window manager.
The manager only checks the public directories.
Actions can do privileged operations if
they are run by root.
Actions can do privileged operations if the actions
have been assigned privileges in a rights profile that has been assigned
to a user.
Actions are not managed by the Solaris Management Console.
assigned to rights profiles in the Rights tool of the Solaris Management
Console. If new actions are added, the security administrator can make the
new actions available.