Trusted Solaris 8 | eWeek

Trusted Solaris 8

Verfasst von
Jason Brooks
Jason Brooks
Sep 6, 2004
3 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Trusted Solaris has been around for a few years longer than SELinux. And, as a complete product rather than a do-it-yourself add-on, it boasts a greater integration level of trusted features than SELinux does. Also, unlike SELinux, which is currently best-suited for server deployments, the access controls in Trusted Solaris extend to the desktop environment.

Click here to read the full review of Trusted Solaris.

2

Trusted Solaris has been around for a few years longer than SELinux. And, as a complete product rather than a do-it-yourself add-on, it boasts a greater integration level of trusted features than SELinux does. Also, unlike SELinux, which is currently best-suited for server deployments, the access controls in Trusted Solaris extend to the desktop environment.

Trusted Solaris is a separate version of the Solaris operating system that ships with an additional layer of access controls to extend the default Unix permissions scheme. As with SELinux, developing effective security policies for Trusted Solaris is among the primary challenges of deploying the system.

/zimages/2/28571.gifClick hereto read Labs review of SELinux.

eWEEK Labs tested Trusted Solaris 8, which has been shipping for a few years. With the release of Solaris 10, expected early next year, Trusted Solaris will cease to be a completely separate operating system product, becoming instead an add-on for Solaris. Solaris 10 also will gain a portion of the access control functionality thats now in Trusted Solaris.

/zimages/2/28571.gifAnother new feature of Solaris 10 is the Dynamic File System—a 128-bit system that will automate many common tasks for system administrators.Click hereto read more.

We tested Trusted Solaris 8 on a SPARC-based workstation provided by Sun with the operating system preinstalled. Sun also sells a version of Trusted Solaris 8 that runs on x86 hardware.

Trusted Solaris costs from $995 per seat for the Standard Edition Desktop System to $79,495 for the Certified Edition Data Center Server. The Certified Edition of Trusted Solaris is nearly identical to the Standard Edition but carries security certifications that the Standard Edition does not. Also, the Certified Edition is patched on a different schedule than the Standard Edition is.

With Trusted Solaris, the concept of the superuser is replaced by roles that limit the permissions for particular actions to the minimum levels required. In addition, all files and directories in the operating system have labels that determine which users or applications may access them.

The version of the CDE (Common Desktop Environment) that ships with Trusted Solaris has been modified to track and identify the security levels of applications and data. For example, applications running at classified and unprivileged levels appear in windows that have different-colored borders, and the window manager will not allow text that appears in a classified window to be copied to an application running at an unprivileged level.

Its possible to run other desktop environments on Trusted Solaris, but only CDE includes support for access-level controls in the window manager. We find CDE crude and rather unpleasant to use, and wed like to see Sun enable trusted features in the GNOME environment, which is the default for its standard Solaris releases.

During tests, we could manage the roles and privileges on our test system through the Solaris Management Console, which does a pretty good job of presenting these controls in the same graphical interface where most other Solaris management tools reside.

Upon launching one of the configuration tools specific to Trusted Solaris, the console prompted us to select an administration role and provide a password for that role. Separating the identity of a user administering a system from the role that enables administration activities makes it possible to keep track of who made what changes on a system.

We could also use a command, called runpd (similar to the audit2allow tool in SELinux), which enables the security administrator to determine which privileges an application requires to operate properly.

Senior Analyst Jason Brooks can be reached at jason_brooks@ziffdavis.com.

/zimages/2/28571.gifCheck out eWEEK.coms Linux & Open Source Center at http://linux.eweek.com for the latest open-source news, reviews and analysis.

/zimages/2/77042.gif

Be sure to add our eWEEK.com Linux news feed to your RSS newsreader or My Yahoo page

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.