
Oracle® Solaris 11.3 Security and Hardening Guidelines


Updated: March 2018

Protecting and Isolating Applications

Applications can be entry points for malware and malicious users. In Oracle Solaris, these threats are mitigated by the use of privileges and the containment of applications within zones. Applications can run with just the privileges that the application needs, so a malicious user does not have root privileges to access the rest of the system. Zones can limit the extent of an attack. Attacks on applications in a non-global zone can affect processes in that zone only, not the zone's host system.

Security extensions, such as address space layout randomization (ASLR), nxheap, and nxstack make it difficult for intruders to compromise an executable or the heap. For more information, see Security Extensions. The Service Management Facility (SMF) also protects applications by enabling administrators to restrict starting, stopping, and using an application.

Privileges in Oracle Solaris

Privileges are fine-grained, discrete rights on processes that are enforced in the kernel. Oracle Solaris defines over 80 privileges, ranging from basic privileges like file_read to more specialized privileges like proc_clock_highres. Privileges can be granted to a process, a user, or a role. Many Oracle Solaris commands and daemons run with just the privileges that are required to perform their task. Privilege-aware programs can prevent intruders from gaining more privileges than the program itself uses.

The use of privileges is also called process rights management. Privileges enable organizations to specify, hence limit, which privileges are granted to services and processes that run on their systems.

Oracle Solaris Zones

The Oracle Solaris Zones software partitioning technology enables you to maintain the one-application-per-server deployment model while simultaneously sharing hardware resources.

Zones are virtualized operating environments that enable multiple applications to run in isolation from each other on the same physical hardware. This isolation prevents processes that run within a zone from monitoring or affecting processes that run in other zones, viewing each other's data, or manipulating the underlying hardware. Zones also provide an abstraction layer that separates applications from physical attributes of the system on which they are deployed, such as physical device paths and network interface names.

For added protection, physical global zones, called Immutable Global Zones, and virtual global zones, called Oracle Solaris Kernel Zones, can be read-only. Immutable global zones are slightly more powerful than Kernel Zones, but neither can permanently change the hardware or configuration of the system. Read-only zones boot faster and are more secure than zones that allow writes.

Oracle Solaris Kernel Zones are useful for deploying a compliant system. For example, you can configure a compliant system, create a Unified Archive, then deploy the image as a kernel zone. For more information, see the solaris-kz(5) man page, Creating and Using Oracle Solaris Kernel Zones, Oracle Solaris Zones Overview in Introduction to Oracle Solaris 11 Virtual Environments, and Using Unified Archives for System Recovery and Cloning in Oracle Solaris 11.3.

Security Extensions

Oracle Solaris security extensions are flags at the kernel level that protect the stack and the heap from compromise. Address space layout randomization (ASLR) randomizes the addresses that are used by a given program. The nxheap and nxstack security extensions prevent corruption of executable stacks and the heap by malicious code. For more information, see Protecting Against Malware With Security Extensions in Securing Systems and Attached Devices in Oracle Solaris 11.3 and Protecting the Process Heap and Executable Stacks From Compromise in Securing Systems and Attached Devices in Oracle Solaris 11.3. For how to use these security extensions when compiling applications, follow the links in Writing Applications That Run Securely.

Service Management Facility

Services are persistently running applications. A service can represent a running application, the software state of a device, or a set of other services. The Service Management Facility (SMF) feature of Oracle Solaris is used to add, remove, configure, and manage services. SMF uses rights management to control access to service management functions on the system. In particular, SMF uses authorizations to determine who can manage a service and what functions that person can perform.

SMF enables organizations to control access to services, as well as to control how those services are started, stopped, and refreshed.
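The manifest fragment below is an added illustration of how the two mechanisms described above, process privileges and SMF authorizations, combine for one service; it is not an example from this guide. The service name, user and group, executable path, and authorization strings are assumptions chosen for the illustration.

```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Hypothetical daemon "exampled" confined by SMF (assumed names throughout). -->
<service_bundle type='manifest' name='exampled'>
  <service name='application/exampled' type='service' version='1'>

    <!-- Start only after the network milestone is reached. -->
    <dependency name='network' grouping='require_all' restart_on='none'
                type='service'>
      <service_fmri value='svc:/milestone/network:default'/>
    </dependency>

    <!-- Who may manage (enable/disable/restart) and reconfigure the service.
         The authorization names are assumed; they follow the solaris.smf.*
         naming pattern and must also exist in auth_attr to be grantable. -->
    <property_group name='general' type='framework'>
      <propval name='action_authorization' type='astring'
               value='solaris.smf.manage.exampled'/>
      <propval name='value_authorization' type='astring'
               value='solaris.smf.value.exampled'/>
    </property_group>

    <!-- The start method runs as an unprivileged user with the basic set
         trimmed further, plus net_privaddr so it can bind a port below 1024
         without ever holding root. This is the "just the privileges that the
         application needs" model: a compromise of exampled cannot read other
         users' files, signal unrelated processes, or escalate to root. -->
    <exec_method type='method' name='start'
                 exec='/opt/exampled/bin/exampled' timeout_seconds='60'>
      <method_context>
        <method_credential user='exampled' group='exampled'
            privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr'/>
      </method_context>
    </exec_method>

    <!-- :kill sends SIGTERM to the process contract; no custom stop script. -->
    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60'/>

    <!-- Delivered disabled; an administrator holding the action authorization
         enables it with svcadm. -->
    <instance name='default' enabled='false'/>

    <stability value='Evolving'/>
    <template>
      <common_name><loctext xml:lang='C'>Example confined daemon</loctext></common_name>
    </template>
  </service>
</service_bundle>
```

After importing with svccfg, the effective privilege set of the running daemon can be confirmed with ppriv on its process ID, which should show the basic set minus the removed privileges plus net_privaddr.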

Java Cryptography Extension

Java provides the Java Cryptography Extension (JCE) for developers of Java applications. For more information, see Java SE Security (https://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html).