I had the great joy of seeing a presentation on Trusted Extensions at the Silicon Valley OpenSolaris Users Group (SVOSUG) meeting this week where Glenn Faden presented (his slides are here, see the comments for a PDF version). While a lot of the goodies created for Trusted Solaris have been with us for a long time it was interesting to see it in its full glory during the presentation. Perhaps most interesting was that Trusted Extensions was integrated into OpenSolaris awhile ago, in NV B42a (Solaris Express 7/06. What you might want to know is that while everything Trusted Extensions needs is already on your system, you need software from the “Extra Value” directory during the install to actually activate it all.
Trusted really takes security to the next level. While RBAC and Solaris Priv’s are kool for just about any task, Trusted goes much further, much much further, Area51 further. When I was watching the presentation I was struck by the fact that most security is about keeping the bad people outside of your organization from getting it… but Trusted Extensions is about going so much further to the point that your protecting yourself against your own legitamate users. My favorite feature is cut-and-paste security, ensuring that if someone has clearance for my uber-top-secret document that they can’t cut-and-paste lines from it. Uber sweet.
So if your one of the many people asking “What about Trusted Solaris?”, stop asking and start playing. Download the latest SX:CR ISO’s and enjoy all the hardcore security goodness. Frankly, this is perhaps one of the very few features of Solaris that I can’t see using myself but certainly have great appreciation and respect for.