Great Circle Associates Firewalls
(November 1995)
 


Subject: Re: Tightening up SunOS 5.4 (was Re: Hardened OS)
From: Rick Smith <smith @ sctc . com>
Date: Wed, 8 Nov 1995 10:12:27 -0600
To: firewalls @ greatcircle . com
Cc: smith @ sctc . com, mjc @ quark . foobar . co . uk

"Martin Cooper" <mjc @ quark . foobar . co . uk> writes:

>I thought Rick had posted to the list saying that having no root
>entry for uid 0 would cause problems with booting into single
>user mode, but perhaps it was someone else.

The explanation took a wrong turn, then. Yes, there is an entry for
UID 0 and a user called "root." It's just that the behavior of this
"root" user is still constrained by Type Enforcement rules. In
particular, nobody, not even root, can install executables or change
Type Enforcement rules when the system is in normal operation.

We designed the system so we could easily port network server software
and run it securely. That requires an execution context that pretty
much looks and acts like root (UID 0, etc), while being constrained by
enforcing "least privilege" on its behavior.

Rick.
smith @ sctc . com
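
An added illustration of the idea in the message above (not code from the original post or from the system it describes): a toy Type Enforcement check in which a UID 0 process is still limited by its domain. The domain names, type names and the "administrative" mode are assumptions made for this example.

```python
# Toy model of Type Enforcement (TE). All domain, type and mode names are
# hypothetical; they are not taken from any real product's policy.
from dataclasses import dataclass

# Access matrix: (subject domain, object type) -> permitted access modes.
# The server domain is never granted "write" on executables or on the policy.
TE_MATRIX = {
    ("httpd_d", "httpd_conf_t"): {"read"},
    ("httpd_d", "httpd_log_t"): {"append"},
    ("httpd_d", "httpd_exec_t"): {"execute"},
    ("admin_d", "httpd_exec_t"): {"read", "write", "execute"},
    ("admin_d", "te_policy_t"): {"read", "write"},
}

# Domains a process may occupy in each system state (assumption: the
# administrative domain is only reachable outside normal operation).
DOMAINS_BY_MODE = {
    "operational": {"httpd_d"},
    "administrative": {"httpd_d", "admin_d"},
}

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str

def dac_allows(proc):
    """Classic UNIX view, simplified: only the UID 0 bypass is modelled."""
    return proc.uid == 0

def te_allows(proc, obj_type, access, mode):
    """TE view: the decision depends on domain and type, never on UID."""
    if proc.domain not in DOMAINS_BY_MODE[mode]:
        return False
    return access in TE_MATRIX.get((proc.domain, obj_type), set())

def allowed(proc, obj_type, access, mode="operational"):
    """Both checks must pass; TE is mandatory, so root cannot override it."""
    return dac_allows(proc) and te_allows(proc, obj_type, access, mode)

if __name__ == "__main__":
    server = Process(uid=0, domain="httpd_d")  # looks and acts like root
    for obj_type, access in [("httpd_conf_t", "read"),
                             ("httpd_exec_t", "write"),
                             ("te_policy_t", "write")]:
        print(obj_type, access, allowed(server, obj_type, access))
```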
