In planning for applications in a multilevel secure environment,
you must first understand the multilevel security programming rules
that apply to socket applications.
- Trusted network administration server applications
  - Applications that are part of the infrastructure, such as DNS and routing. The delivered information is not sensitive and needs to be accessible across many security labels.
- Trusted multilevel secure server applications
  - Applications with a login process using port of entry, that do all resource access under the client's login identity, and that maintain separation of information accessed by different client tasks, such as FTP and otelnet.

    Process applications that change identity must take the following actions:
    - Issue _poe() before the identity change (this can be done by the parent, for example INETD).
    - Change identity in the parent process before fork, spawn, or exec, to ensure that interprocess communication (IPC) resources are properly labeled.
    - Access any user resources only after the identity change.
    - Close unnecessary parent resources before exec.

    Threaded applications that set identity on a thread must take the following actions:
    - Issue _poe() on the handling thread before _pthread_security_np().
    - Ensure that all related processing occurs on threads that have the same identity.
    - Change identity on the thread before spawn, fork, or exec.
    - Access any user resources only after the identity change on the thread.
    - Do not access any other thread's resources.
    - Close all user resources before removing the identity from the thread.
    - Remove the user identity from the thread before acquiring new work.

    All SYSMULTI applications must ensure that they do not put user data on server resources or other user resources. Pay special attention to debugging, logging, or tracing output; many servers include user-level data in their output.
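The process-application rules above, carried through in a per-connection worker as an added example (this is not code from the IBM documentation). It assumes the z/OS port-of-entry call is spelled `__poe(int)` and declared in `<sys/socket.h>` (the page writes `_poe()`), that the client's identity was already established by the application's own login process, and that the client's work is an exec'd program named by `argv`; on non-z/OS platforms the port-of-entry call is compiled out so the portable ordering and descriptor handling can still be built and checked.

```c
#include <fcntl.h>
#include <sys/socket.h>   /* on z/OS, assumed to declare int __poe(int) */
#include <sys/types.h>
#include <unistd.h>

/* Rule: close unnecessary parent resources before exec. Marking a
 * parent-only descriptor close-on-exec keeps it out of the exec'd child. */
int mark_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* One accepted connection, handled in the order the rules prescribe.
 * client_uid is the identity established by the application's own login
 * process (not shown); argv is the program to run under that identity.
 * Returns the child's pid, or -1 on failure. */
int serve_connection(int listen_fd, int conn_fd, uid_t client_uid, char *const argv[])
{
#ifdef __MVS__
    /* Rule 1: port of entry on the socket before the identity change. */
    if (__poe(conn_fd) != 0)
        return -1;
#endif
    /* Rule 2: change identity in this (parent) process before fork/exec,
     * so IPC resources created from here on are labeled for the client. */
    if (setuid(client_uid) != 0)
        return -1;
    /* Rule 4: the listening socket must not reach the exec'd program. */
    if (mark_cloexec(listen_fd) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Rule 3: user resources are touched only after the identity change. */
        dup2(conn_fd, STDIN_FILENO);
        dup2(conn_fd, STDOUT_FILENO);
        execv(argv[0], argv);
        _exit(127);
    }
    close(conn_fd);
    return (int)pid;
}
```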
- Trusted single-level secure server applications
  - Applications that deliver sensitive information accessed under the server's identity, such as TFTP and HTTP, and applications with a login process that neither use port of entry nor access client information under the server's identity, such as SMTP and MVSHRD.
- Network administration commands and client applications
  - Local commands, requiring special controls and privileges, that are used to query, configure, or diagnose the network infrastructure.
- IBM® zEnterprise® System (zEnterprise) platform management applications
  - Authorized zEnterprise applications that perform platform management functions. For more information about these applications, see IBM z Systems Ensemble Planning Guide.
- General user commands and client applications
  - Local commands that access resources (including network resources) under the invoking user's security environment.
- Network management interfaces
  - Application programming interfaces that provide sensitive information.
- Unsupported applications
  - Applications that have not been inspected, or that have been inspected and are not trusted in a multilevel secure environment.