Workstations

However, there are other weaknesses that usually are not addressed. Some of the relevant UNIX-derived OS weaknesses are:

• Programs do not run in a ``least resource'' environment. Any application can potentially monopolize all the resources of a system.
• Programs do not run in a ``least privilege'' environment. That is, although a user may expect an application to affect only the files the user specified, a program can actually manipulate any resource the user can manipulate.
• Tty's and pseudo-tty's are not handled in a secure manner. A program can open a terminal and wait for another program to open the same terminal.
• Programs share the same directories to create temporary files, which means a program can modify or delete the work files of other programs.
• Programs are built with shared libraries containing references to relative rather than absolute pathnames.
• Programs that access a file without checking if it is a symbolic link can be tricked into accessing a substitute file.
• Setuid programs (i.e., those programs capable of running with a user ID other than the one which is the owner of the executable file and/or capable of changing user IDs while running) are inherently unsafe.
• Network conveniences like hosts.equiv and NFS have many bugs, security holes, and potential management pitfalls. Chapter 9 discusses network security threats and Chapter 10 describes ways to improve security in a network environment.

Most of these problems are addressed by the Compartmented Mode Workstation requirements, but are usually not addressed by the normal, commercial workstation platforms.