HP-UX Security Containment B.11.23.01 Release Notes

What’s in This Version
HP-UX 11i Security Containment version B.11.23.01 contains a number of features to help
you secure your HP-UX standard mode system.
Features
HP-UX 11i Security Containment version B.11.23.01 includes the following components:
• Compartments
Compartments isolate unrelated resources on a system to prevent catastrophic system
damage if one compartment is penetrated.
When configured in a compartment, an application (its processes, binaries, data files, and
communication channels) has restricted access to resources outside its compartment.
This restriction is enforced by the HP-UX kernel and cannot be overridden unless the
configuration specifically allows it. If the application is compromised, it will not be able to
damage other parts of the system because it is isolated by the compartment configuration.
• Fine-Grained Privileges
Traditional UNIX operating systems grant “all or nothing” administrative privileges
based on the effective UID of the process that is running. If the process is running with an
effective UID of 0, it is granted all privileges. With fine-grained privileges, processes are
granted only the privileges needed for the task and, optionally, only for the time needed to
complete the task. Applications that are privilege-aware can elevate their privilege to the
required level for the operation, and lower it after the operation completes.
• HP-UX Role-Based Access Control (HP-UX RBAC) Version B.11.23.02
HP-UX Role-Based Access Control (RBAC) is an alternative to the traditional
“all-or-nothing” root user model, which grants permissions to the root user for all
operations, and denies permissions to non-root users for certain operations. HP-UX RBAC
allows you to distribute administrative responsibilities by creating roles with appropriate
authorizations and assigning them to non-root users.
For more information about HP-UX RBAC, refer to the HP-UX Role-Based Access Control
B.11.23.02 Release Notes.
• HP-UX Standard Mode Security Extensions (SMSE)
In addition to the new Security Containment features, standard mode HP-UX 11i v2 has
been enhanced to support security features previously available only in trusted mode.
These features are described below.