Oracle® Solaris 11 Security Guidelines

Exit Print View

Updated: August 2014

Protecting and Isolating Applications

Applications can be entry points for malware and malicious users. In Oracle Solaris, these threats are mitigated by the use of privileges and the containment of applications within zones. Applications can run with just the privileges that the application needs, so a malicious user does not have root privileges to access the rest of the system. Zones can limit the extent of an attack. Attacks on applications in a non-global zone can affect processes in that zone only, not the zone's host system.

Address space layout randomization (ASLR) and the Service Management Facility (SMF) are additional features that protect applications. ASLR makes it difficult for intruders to hijack an executable, and SMF features enable administrators to restrict starting, stopping, and using an application.