Inhaltszusammenfassung zur Seite Nr. 1
SUSE Linux Enterprise Server 10 SP1 EAL4
High-Level Design
Version 1.2.1������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Inhaltszusammenfassung zur Seite Nr. 2
Version Author Date Comments 1.0 EJR 3/15/07 First draft based on RHEL5 HLD 1.1 EJR 4/19/07 Updates based on comments from Stephan Mueller and Klaus Weidner 1.2 GCW 4/26/07 Incorporated Stephan's comment to remove racoon 1.2.1 GCW 10/27/08 Added legal matter missing from final draft. Novell, the Novell logo, the N logo, and SUSE are registered trademarks of Novell, Inc. in the United States and other countries. IBM, IBM logo, BladeCenter, eServer, iSeries, i5/OS, OS/400, PowerPC, POWER3, POWER4
Inhaltszusammenfassung zur Seite Nr. 3
Table of Contents 1 Introduction....................................................................................................................................................1 1.1 Purpose of this document.......................................................................................................................1 1.2 Document overview ..............................................................................................................................1 1.3 Conventions
Inhaltszusammenfassung zur Seite Nr. 4
4.1.2.1 DAC....................................................................................................................................25 4.1.2.2 AppArmor............................................................................................................................26 4.1.2.3 Programs with software privilege.........................................................................................26 4.2 TOE Security Functions software structure............................
Inhaltszusammenfassung zur Seite Nr. 5
5.1.5 Discretionary Access Control (DAC)..........................................................................................55 5.1.5.1 Permission bits.....................................................................................................................56 5.1.5.2 Access Control Lists ............................................................................................................57 5.1.6 Asynchronous I/O ........................................................
Inhaltszusammenfassung zur Seite Nr. 6
5.3.3.2 Common functions...............................................................................................................76 5.3.3.3 Message queues....................................................................................................................77 5.3.3.4 Semaphores..........................................................................................................................78 5.3.3.5 Shared memory regions.............................................
Inhaltszusammenfassung zur Seite Nr. 7
5.5.3 Kernel memory management....................................................................................................142 5.5.3.1 Support for NUMA servers................................................................................................142 5.5.3.2 Reverse map Virtual Memory............................................................................................143 5.5.3.3 Huge Translation Lookaside Buffers.........................................................
Inhaltszusammenfassung zur Seite Nr. 8
5.8.3 securityfs....................................................................................................................................174 5.9 Device drivers....................................................................................................................................174 5.9.1 I/O virtualization on System z....................................................................................................175 5.9.1.1 Interpretive-execution facility...........
Inhaltszusammenfassung zur Seite Nr. 9
5.11.3.1 agetty................................................................................................................................203 5.11.3.2 gpasswd............................................................................................................................203 5.11.3.3 login.................................................................................................................................203 5.11.3.4 mingetty.........................................
Inhaltszusammenfassung zur Seite Nr. 10
5.13.3.2 groupmod.........................................................................................................................232 5.13.3.3 groupdel...........................................................................................................................232 5.13.4 System Time management.......................................................................................................234 5.13.4.1 date.............................................................
Inhaltszusammenfassung zur Seite Nr. 11
6.1 Identification and authentication.......................................................................................................251 6.1.1 User identification and authentication data management (IA.1).................................................251 6.1.2 Common authentication mechanism (IA.2)................................................................................251 6.1.3 Interactive login and related mechanisms (IA.3)..................................................
Inhaltszusammenfassung zur Seite Nr. 12
6.8 Security enforcing interfaces between subsystems.............................................................................255 6.8.1 Summary of kernel subsystem interfaces ..................................................................................256 6.8.1.1 Kernel subsystem file and I/O............................................................................................257 6.8.1.2 Kernel subsystem process control and management............................................
Inhaltszusammenfassung zur Seite Nr. 13
1 Introduction This document describes the High Level Design (HLD) for the SUSE® Linux® Enterprise Server 10 Service Pack 1 operating system. For ease of reading, this document uses the phrase SUSE Linux Enterprise Server and the abbreviation SLES as a synonym for SUSE Linux Enterprise Server 10 SP1. This document summarizes the design and Target of Evaluation Security Functions (TSF) of the SUSE Linux Enterprise Server (SLES) operating system. Used within the Common Criteria evaluation o
Inhaltszusammenfassung zur Seite Nr. 14
2 System Overview The Target of Evaluation (TOE) is SUSE Linux Enterprise Server (SLES) running on an IBM eServer host computer. The SLES product is available on a wide range of hardware platforms. This evaluation covers the SLES product on the IBM eServer System x™, System p™, and System z™, and eServer 326 (Opteron). (Throughout this document, SLES refers only to the specific evaluation platforms). Multiple TOE systems can be connected via a physically-protected Local Area Network (LAN).
Inhaltszusammenfassung zur Seite Nr. 15
The TOE system provides user Identification and Authentication (I&A) mechanism by requiring each user to log in with proper password at the local workstation, and also at any remote computer where the user can enter commands to a shell program (for example, remote ssh sessions). Each computer enforces a coherent Discretionary Access Control (DAC) policy, based on UNIX®-style mode bits and an optional Access Control List (ACL) for the named objects under its control. This chapter documents th
Inhaltszusammenfassung zur Seite Nr. 16
The Common Criteria for Information Technology Security Evaluation [CC] and the Common Methodology for Information Technology Security Evaluation [CEM] demand breaking the TOE into logical subsystems that can be either (a) products, or (b) logical functions performed by the system. The approach in this section is to break the system into structural hardware and software subsystems that include, for example, pieces of hardware such as planars and adapters, or collections of one or more softwa
Inhaltszusammenfassung zur Seite Nr. 17
The SLES kernel includes the base kernel and separately-loadable kernel modules and device drivers. (Note that a device driver can also be a kernel module.) The kernel consists of the bootable kernel image and its loadable modules. The kernel implements the system call interface, which provides system calls for file management, memory management, process management, networking, and other TSF (logical subsystems) functions addressed in the Functional Descriptions chapter of this document.
Inhaltszusammenfassung zur Seite Nr. 18
2.2.2 eServer system structure The system is an eServer computer, which permits one user at a time to log in to the computer console. Several virtual consoles can be mapped to a single physical console. Different users can login through different virtual consoles simultaneously. The system can be connected to other computers via physically and logically protected LANs. The eServer hardware and the physical LAN connecting the different systems running SLES are not included within the eval
Inhaltszusammenfassung zur Seite Nr. 19
Figure 2-3: Local and network services provided by SLES Network services, such as ssh or ftp, involve client-server architecture and a network service-layer protocol. The client-server model splits the software that provides a service into a client portion that makes the request, and a server portion that carries out the request, usually on a different computer. The service protocol is the interface between the client and server. For example, User A can log in at Host 1, and then use ssh
Inhaltszusammenfassung zur Seite Nr. 20
Objects are passive repositories of data. The TOE defines three types of objects: named objects, storage objects, and public objects. Named objects are resources, such as files and IPC objects, which can be manipulated by multiple users using a naming convention defined at the TSF interface. A storage object is an object that supports both read and write access by multiple non-trusted subjects. Consistent with these definitions, all named objects are also categorized as storage objects, but
