LingBo Tang wrote: > Hi all, > > I have one question about Secure Attention Key(SAK) in Solaris: > > Why solaris does not implement SAK for trusted path in console mode?
Resources and that fact that it isn't actually necessary to meet the protection profiles we are using for the common criteria evaluation. > My current understanding is that we can log into non-global zone > from "command line login" without X system if there is a trusted path > mechanism. And the trusted path can be invoked by SAK sequence. > Is this right? Your comments are really appreciated. I don't think we need SAK to do this what we need is a way of attaching the zone console to one of the new virtual consoles. Now if we also had SAK that would be great. > During working on hot key sequences for virtual console switching, > I'm thinking whether we can have a solution for un-remapped sequences > for secure purpose or not. > If the sequence can not be remapped, does it mean we can take advantage > of the implementation for SAK sequence? I suppose there should be other > requirements for SAK. Could you please please give me some clues or > reference? Thanks so much! There are, I'd highly recommend talking to Gary Winiger and Glenn Faden about this I believe Gary has a good reference for this and has actually spend some time thinking about it. > From google, we can easily find out the description for SAK in Linux > kernel, and which also mentioned that SAK in Linux have not meet > C2 requirements without clear reason. C2 is a very old and now no longer relevant security standard. Also a SAK was never required in C2 anyway. Trusted Solaris 1.2 (based on SunOS 4.1.3_U1) achieved an ITSEC (predecessor to Common Criteria for some countries) evaluation under the CMW spec which was a mix of C2,B1 and some stuff from B2 as well and it never required us to implement a SAK. They way that was avoided I believe was to not allow console login, this is also the approach that was taken for Trusted Solaris 8 which got CC eval to EAL4+ under LSPP,CAPP,RBACPP (which is roughly similar to the old CMW spec). Now given that with Trusted Extensions we do not disable the command line login option for dtlogin we might want a SAK capability to allow cli login on the console at a non Trusted Path (ie global zone) label. -- Darren J Moffat
