[cap-talk] Unix inode communication seen as breaking TCSEC

David Wagner daw at cs.berkeley.edu
Thu Nov 2 14:55:04 CST 2006

Ian G <iang at systemics.com> wrote:
>Mark Miller wrote:
>> I talked to the architect of Sun's "Trusted Solaris" operating system,
>> who explained to me that Trusted Solaris disallows such "Unix Domain
>> Sockets" between compartments (their "zones") precisely because they
>> believed that the ability to pass file descriptors was too dangerous.
>Hmmm, strangely, that is echoed in Java by Sun, which
>also has the "feature" that Unix Domain Sockets are
>not available.

I'm guessing that, in the case of Java, this was done for portability
reasons, not security reasons.  Java has this annoying property of
preventing you from accessing some of the most useful OS-level features,
because those OS-level features cannot be guaranteed to be available on
all platforms.

More information about the cap-talk mailing list