POSIX is a family of standards designed to ensure portability of application programs across hardware and operating systems. These standards are the products of the IEEE Technical Committee on Operating Systems, P1003 Committee. For the purpose of this discussion, two of the standards produced by this committee are of primary interest:
Like the POSIX.1 standard, the POSIX.6 standard was originally grown out of work begun in /usr/group, now known as Uniforum. As the POSIX.1 standard was moved out of /usr/group and into IEEE, some security professionals within /usr/group saw the need to:
The POSIX.6 Security Mechanisms address five areas of functionality:
According to the POSIX.6 draft, each option defines new functions, as well as security-related constraints for the functions and utilities defined by the other POSIX standards. The addition of these mechanisms to the POSIX.1 standard allows ``general purpose'' applications to take advantage of the security enhancements while maintaining portability. In addition, these areas are widely used by ``trusted'' programs - thus allowing for application portability of trusted programs.
These areas were chosen because it was felt that they encompass the de facto required areas for security in today's POSIX environments. While all these areas may not be required on a single system, some combination of them should be. Access control should be required on any multi-user system. The POSIX.6 standard supports a mechanism that allows the generation of an audit trail that can later be analyzed by an audit analysis tool. The use of audit on POSIX systems is highly encouraged. More and more users are discovering the many benefits of using information labels on their systems. The POSIX.6 standard supports these as well.
The POSIX.6 interfaces are positioned between the application system calls and the operating system. In this way the application is buffered from having to know the internals, formats, etc. that make systems unique. An application can request to know the mandatory access control label of a file without having to know where or how the label is stored internally. This is what makes application portability, and POSIX.6 focuses on providing application portability on systems that make use of the POSIX.6 mechanisms.
The standard that provides the POSIX.6 interfaces and mechanisms is currently in the balloting process. The DRAFT Standards P1003.6.1/D13 and P1003.6.2 [POS92c] were the current documents at the time of this writing. It should be realized that with any standard that is cycling through a balloting process, changes to the standard may occur. Therefore, differences (hopefully slight) may arise between the information presented here regarding specifics of the standard, and the final specifications of the standard upon final approval.