X

Glenn Faden's Blog

  • October 27, 2012

Oracle Solaris 11.1 Security Lab

Guest Author

Recently I developed a set of lab exercises for an Oracle OpenWorld Hands On Lab, entitled HOL10201, Reduce Risk with Oracle Solaris Access Control to Restrain Users and Isolate ApplicationsThis explored the new Extended Policy for privilege assignments in Oracle Solaris 11.1. 

Today, Oracle Solaris 11.1 has been officially released via the Package Repository. Today's release and branch are numbered 0.5.11-0.175.1.0.0.24.2, which means it is based on build 24b of 11.1 which is, in turn, based on build 175a of 11.0.  There is a good summary of new features available here: Oracle Solaris 11.1 - What's New . Pages 5 thru 7 give an overview of some of the new security enhancements. There is much more information available in the newly published documentation for Oracle Solaris 11.1.

I plan to explore some of these enhancements in a series of blog entries. Meanwhile, I've published a copy of the lab materials, which you can try out with this new release.

Join the discussion

Comments ( 2 )
  • guest Monday, November 25, 2013

    Glenn:

    I have followed your examples, but have not been able to get the Extended Privilege Policy to work.

    ppriv produces the error message "ppriv: xpol_context_install: Not owner"

    searching for the error finds little, and, nothing of any use. Can you offer any help/suggestions/clues?

    Thanks,

    greg


  • guest Wednesday, November 27, 2013

    In general a process can't escalate its own privileges. So some of the lab exercises require that you have assumed the root role before using ppriv or you may have to use profile shell, like pfbash to get the effective rights granted in profiles.


Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.