Manualshelf

Specifications

ManualsBrandsRed Hat ManualsOtherENTERPRISE LINUX 3 - DEVELOPER TOOLS GUIDE
61626364656667686970
Red Hat Enterprise Linux to Oracle Solaris Porting Guide
64
The least privilege model includes nearly 50 fine-grained privileges as well as the basic privilege set.
With the help of process privileges, system administrators now can delegate limited permission to users
to override system security instead of giving users complete root access. On Oracle Solaris, a user
does not have to become superuser to use a privileged application. In Oracle Solaris, privileges are
enforced at the kernel level.
Authorizations can also be used to give additional permissions. An authorization is permission for
performing a class of actions that are otherwise prohibited by the security policy. An authorization can
be assigned to a role or a user. Authorizations are enforced at the user level.
On Oracle Solaris, when an application runs, privileges can be turned on or turned off
programmatically. By default, when a new program is started, that program can potentially use all of
the inheritable privileges of the parent process.
Appendix A provides a list of Oracle Solaris security privileges and their definitions.
Oracle Solaris Trusted Extensions
If you need a highly stringent system security, using the Oracle Solaris Trusted Extensions feature is a
good choice. Trusted Extensions software provides special security features and extends the
capabilities of Oracle Solaris to enable you to define and implement a security policy on an Oracle
Solaris system. You can get more information about Trusted Extensions at
http://docs.oracle.com/cd/E18752_01/html/819-0868
.
Ensure Strong Defenses
The internet comprises hundreds of thousands of networks that are interconnected without
boundaries. In today's business environment, you will hardly find any standalone servers catering to
meaningful business needs. Network sharing and data sharing have become an essential part of any
enterprise system deployment. With the advancement of the internet and interconnected networks,
network security has become essential. Part of almost every organizational network is accessible from
other computers across the world and is, therefore, potentially vulnerable to threats from individuals
who might not have any physical access.
Oracle Solaris provides a network security architecture that is based on standard industry interfaces. As
security technologies evolve, application developers do not have to modify their code if they use the
standardized interfaces. The Oracle Solaris network security architecture works with standard industry
interfaces, such as PAM, GSS-API, SASL, PKCS#11. Using the network security architecture
eliminates the need for developers to write, maintain, and optimize cryptographic algorithms.
Optimized cryptographic mechanisms are provided in Oracle Solaris 11 as part of the operating
system.
The cryptographic framework is the backbone of cryptographic services in Oracle Solaris. The
framework provides standard PKCS #11 interfaces to accommodate consumers and providers of
cryptographic services. The framework has two parts:
A user cryptographic framework for user-level applications