Mandatory Access Control
Discretionary access control provided by the traditional UNIX permissions model is just not enough in certain circumstances. One of the apparent weaknesses of this system is that the creator and/or owner of a resource (file, directory, socket, and so on) might either forget to (or deliberately not) set the correct permissions, thus exposing that particular resource and all resources that are accessible using that resource (such as in the case of a directory or socket) to unauthorized access. In trusted systems in general, and in Trusted Solaris 8 in particular, a mechanism called Mandatory Access Control is used. In contrast to the standard UNIX discretionary access control, when the owner is free to set whatever permissions ...
Get Solaris 8 Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
