Oracle® Solaris Studio 12.4: Security Guide

Exit Print View

Updated: October 2014

Oracle Solaris Studio Security Considerations

Oracle Solaris Studio is a suite of compilers, debuggers, and analysis tools, and an integrated development environment (IDE), for developing, debugging, and tuning applications for the Solaris and Linux platforms. Like other development tools, the Oracle Solaris Studio compilers and tools are intended to be used in an environment that is isolated from production environments since these tools can accessed by users to manipulate applications during execution. While production environments are typically the focus of security considerations, developer tools and development environments should also be considered from a security perspective.

System administrators play an important role in determining which assets require protection and putting in place controls and policies to protect these assets. By itself, Oracle Solaris Studio does not provide any access to assets or operating environment features that the user does not already have. The risk that Oracle Solaris Studio adds is that it allows users who have gained un-entitled access to assets or systems by means that don't include Oracle Solaris Studio to use the capabilities of the Oracle Solaris Studio developer tools to cause a security breach. A user who is running the Oracle Solaris Studio tools has access to all of the capabilities exploited by the debuggers and analyzers by using the operating system interfaces directly. But the Oracle Solaris Studio tools make it easier to understand and use these operating system capabilities to probe the internals of applications, manipulate hardware registers, memory, and stack, and control the execution of an application.