Trusted Processes in the Window System

In Solaris Trusted Extensions (CDE), the following window system processes are trusted:

Front Panel
Subpanels of the Front Panel
Workspace Menu
File Manager
Application Manager

The window system's trusted processes are available to everyone, but access to administrative actions is restricted to roles in the global zone.

In the File Manager, if an action is not in one of the account's profiles, the icon for the action is not visible. In the Workspace Menu, if an action is not in one of the account's profiles, the action is visible, but an error displays if the action is invoked.

In Trusted CDE, the window manager, dtwm, calls the Xtsolusersession script. This script works with the window manager to invoke actions that are started from the window system. The Xtsolusersession script checks the account's rights profiles when the account attempts to launch an action. In either case, if the action is in an assigned rights profile, the action is run with the security attributes that are specified in the profile.

Adding Trusted CDE Actions

The process of creating and using CDE actions in Trusted Extensions is similar to the process in the Solaris OS. Adding actions is described in the Chapter 4, Adding and Administering Applications, in Solaris Common Desktop Environment: Advanced User’s and System Administrator’s Guide.

As in the Solaris OS, the use of actions can be controlled by the rights profile mechanism. In Trusted Extensions, several actions have been assigned security attributes in the rights profiles of administrative roles. The security administrator can also use the Rights tool to assign security attributes to new actions.

The following table summarizes the main differences between a Solaris system and a Solaris Trusted Extensions system when you create and use actions.

Table 25-1 Constraints on CDE Actions in Trusted Extensions

Solaris CDE Actions	Trusted CDE Actions
New actions can be created by anyone within the originator's home directory. A new action is automatically usable by its creator.	An action is usable only if the action is in a rights profile that is assigned to the user. The search path for actions differs. Actions in a user's home directory are processed last instead of first. Therefore, no one can customize existing actions.
	Users can create a new action in their home directory, but the action might not be usable.
	Users with the All profile can use an action that they create. Otherwise, the security administrator must add the name of the new action to one of the account's rights profiles.
	To start the action, the user uses the File Manager. The system administrator can place actions in public directories.
Actions can be dragged and dropped to the Front Panel.	The Front Panel is part of the trusted path. The window manager recognizes only the administratively added actions that are located in the `/usr/dt` and `/etc/dt` subdirectories. Even with the All profile, a user cannot drag a new action to the Front Panel. Actions from a user's home directory are not recognized by the window manager. The manager only checks the public directories.
Actions can do privileged operations if they are run by `root`.	Actions can do privileged operations if the actions have been assigned privileges in a rights profile that has been assigned to a user.
Actions are not managed by the Solaris Management Console.	Actions are assigned to rights profiles in the Rights tool of the Solaris Management Console. If new actions are added, the security administrator can make the new actions available.