Controlling Access to Devices
Peripheral devices that are attached to a computer system pose a security risk.
Microphones can pick up conversations and transmit them to remote systems. CD-ROMs can leave
their information behind for reading by the next user of the CD-ROM device. Printers can be
accessed remotely. Devices that are integral to the system, for example, network interfaces
such as bge0, can also present security issues.
Oracle Solaris software provides several methods of controlling access to devices.
- Set device policy – You can require that the process that is accessing a particular device be run with a set of privileges. Processes without those privileges cannot use the device. At boot time, Oracle Solaris software configures device policy. Third-party drivers can be configured with device policy during installation. After installation, you as the administrator can add device policy to a device.
- Make devices allocatable – You can require that a user must allocate a device before use. Allocation restricts the use of a device to one user at a time. You can further require that the user be authorized to use the device.
- Prevent devices from being used – You can prevent the use of a device, such as a microphone, by any user on a computer system. For example, a computer kiosk might be a good candidate for making certain devices unavailable for use.
- Confine a device to a particular zone – You can assign the use of a device to a non-global zone. For more information, see Device Use in Non-Global Zones in Creating and Using Oracle Solaris Zones.
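To review which devices the first method currently protects, the following added example (not part of the Oracle documentation) lists device policy entries that require no privilege to read or write. It assumes the text layout printed by the getdevpolicy command; the sample entries and the function names sample_policy and audit_devpolicy are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout assumed for getdevpolicy output: an entry
# name on its own line, then indented read_priv_set= / write_priv_set= lines.
sample_policy() {
cat <<'EOF'
DEFAULT
        read_priv_set=none
        write_priv_set=none
ip:*
        read_priv_set=net_rawaccess
        write_priv_set=net_rawaccess
bge:*
        read_priv_set=net_rawaccess
        write_priv_set=net_rawaccess
audio:*
        read_priv_set=none
        write_priv_set=none
mm:allkmem
        read_priv_set=all
        write_priv_set=all
mm:kmem
        read_priv_set=none
        write_priv_set=all
EOF
}

# audit_devpolicy (hypothetical helper): read policy text on stdin and print
# "<entry> <access>" for each entry whose policy demands no privilege for
# reading, writing, or both. Entries that demand a privilege are not printed.
audit_devpolicy() {
  awk '
    function report() {
      if (name == "") return
      if (r == "none" && w == "none") print name, "read,write"
      else if (r == "none") print name, "read"
      else if (w == "none") print name, "write"
    }
    /^[^ \t]/ { report(); name = $1; r = ""; w = ""; next }   # new entry
    { split($1, kv, "=")                                      # key=value line
      if (kv[1] == "read_priv_set")  r = kv[2]
      if (kv[1] == "write_priv_set") w = kv[2] }
    END { report() }
  '
}

sample_policy | audit_devpolicy
```

On a live system, pipe the real policy through the same function with `getdevpolicy | audit_devpolicy` and decide for each listed entry whether a privilege requirement should be added.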