Papillon 0.5.4 - Solaris Security ModuleCopyright © 2001, 2002, 2003, 2006 by Konrad Rieck
Papillon is a security module for Solaris (version 8 to 10) and OpenSolaris. The code has been inspired by the Openwall and the HAP Linux Kernel Patches. Papillon implements most mechanisms introduced by these two patches into the Solaris OE and integrates additional security mechanisms into the kernel.
Papillon includes a restricted proc, several protections against common attack techniques and may operate completely invisibile to system users.
Papillon is a security module designed for the Solaris Operating Environment 8 and 9. It has been tested against the Intel and the Sparc Edition of the Solaris OE 8 and 9. Papillon tries to be as compatible with Sun Microsystems DDI/DDK as possible.
Papillon improves the security of a system by adding new functionality to the kernel. The added security mechanisms have been inspired by Solar Designer's Openwall Linux Kernel Patch and the the HAP Linux Kernel Patch which fix common Unix security problems that are also present in the Solaris OE.
Papillon is designed to prevent attacks driven by system users. It doesn't include any restriction to the super-user. It can be an addition to already exisiting security mechanisms such as the BSM (Solaris' Basic Security Module) and the non-executable stack on Solaris Sparc Edition.
The module is automatically loaded at boot time when entering multiuser level and installs two kinds of new functionality in the kernel: so called features and protections.
Features add completely new functionality to the kernel, they can be switched on or off either at compilation time or even at runtime using the provided control tool papctl.
Features included in Papillon currently are:
Protections restrict access to resources if specific conditions occur. A protection has a behaviour that can be none (for doing nothing), warn (for warning only) or deny (for warning and denying access to the resource).
Protections included in Papillon currently are:
Fore more information consult the provided PDF documentation
* The Solaris Logo is a trademark or a registered trademark of Sun Microsystems, Inc.
In general Papillon should be build from the source package. Consult the documentation on how to configure, compile and install the module.