RE: Thanks to all (was Re: Solaris, Sudo, and locking...)

From: Bart Blanquart - Customer Support Engineer (Bart.Blanquart@Sun.COM)
Date: 10/04/01

• Previous message: Sean Boran: "RE: SunScreen v3.1 to v3.0b communications"
• Maybe in reply to: Aaron Ferguson: "RE: Thanks to all (was Re: Solaris, Sudo, and locking...)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-Id: <200110041131.NAA28328@hugin.Belgium.Sun.COM>
Date: Thu, 4 Oct 2001 13:31:05 +0200 (MEST)
From: Bart Blanquart - Customer Support Engineer <Bart.Blanquart@Sun.COM>
Subject: RE: Thanks to all (was Re: Solaris, Sudo, and locking...)
To: focus-sun@securityfocus.com, AFerguson@l90.com

> If you mean compareable then yes. RBAC IMO is more robust than sudo. RBAC is
> available with Solaris 8, on Solaris 7 it was called Trusted Solaris.

Erghm... Trusted Solaris is not RBAC for Solaris 7 -- Trusted Solaris is a OS in
itself.

Trusted Solaris is an enhancement of Solaris which extends the OS to have
mandatory access control (labeling data and enforcing access based on labels),
adds the concept of rights, limits the capabilities of root,...
In short -- Trusted Solaris is an OS that meets the requirements of a B1 system.

(More information on Trusted Solaris can be found on
http://www.sun.com/software/solaris/trustedsolaris/)

Trusted Solaris 8 includes, and extends, the role based access control mechanism
that is found on regular Solaris.

In Trusted Solaris 7 (and earlier) roles also existed, but were managed using
another mechanism -- similar in function, but not "RBAC" as it exists in Solaris
and Trusted Solaris 8.

rgds/Bart

-- 
Bart Blanquart - EMEA Solaris & Networking Support - Sun Microsystems
(tel) +32 2 704 80 38 - (fax) +32 2 704 80 90  
"Be nice to other people. They outnumber you 5.8 billion to one."

---

• Previous message: Sean Boran: "RE: SunScreen v3.1 to v3.0b communications"
• Maybe in reply to: Aaron Ferguson: "RE: Thanks to all (was Re: Solaris, Sudo, and locking...)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: history ... > You should really stay away from 3rd party applications if possible. ... Not only on Solaris; but yes, ... > and any bugs or exploits in sudo can go unnoticed because its not part of ... RBAC is appropriate for larger organizations with a central authority ... (comp.unix.admin) Re: history ... > You should really stay away from 3rd party applications if possible. ... Not only on Solaris; but yes, ... > and any bugs or exploits in sudo can go unnoticed because its not part of ... RBAC is appropriate for larger organizations with a central authority ... (comp.unix.admin) Re: history ... very easy to setup but Solaris has a much more powerfull utility called RBAC ... one reason I recommened avoid 3rd party tools is because 1) sudo is setuid ... >> I work on Solaris and on theses hosts everybody is root. ... (comp.unix.admin) Re: history ... > You should really stay away from 3rd party applications if possible. ... > very easy to setup but Solaris has a much more powerfull utility called RBAC ... OK, but it's only for Solaris, right? ... > and any bugs or exploits in sudo can go unnoticed because its not part of ... (comp.unix.admin) RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk ... Trusted solaris is based on Solaris 8, ... Basically Sun have taken note that security should be part of the main ... Computer Emergency Response Teams, and Digital Investigations. ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-sun  > 2001-10