System Administration Guide
Chapter 5, Maintaining system security

Disabling C2 features

Disabling C2 features

In addition to customizing security defaults, you can also selectively disable C2 features to ensure compatibility with utilities that expect traditional UNIX system behavior. (In the Low and Traditional defaults, most C2 features are disabled by default). The following key features can be switched on or off by changing the associated kernel parameter:

LUID enforcement

Under C2 requirements, every process must have a login user ID (LUID). This means that processes which set UIDs or GIDs, such as the printer scheduler (lpsched), must have an LUID set when started at system startup in /etc/rc2.d. This can cause problems with setuid programs. When the security mode is set to a lesser mode (that is, not ``High''), enforcement of login user ID (LUID) is relaxed and setuid programs do not require an LUID to run. This feature is enabled by default when the High security default is selected, but it can be enabled or disabled by modifying the SECLUID kernel parameter. A value of 0 disables the enforcement of LUID.

Clearing of SUID/SGID bits on write

Under C2 requirements, the set user ID (SUID or setuid) and set group ID (SUID or setgid) bits on files must be cleared (removed) when a file is written. This prevents someone from replacing the contents of a setuid binary, but this can cause problems with programs that do not expect this behavior. In the lower security defaults, SUID and SGID bits are not cleared when files are written. This feature is enabled by default when the High security default is selected, but it can be enabled or disabled by modifying the SECCLEARID kernel parameter. A value of 0 disables this feature.

stopio(S) on devices

The stopio(S) call is used under C2 to ensure that a device is not held open by another process after it is reallocated. This means that other processes attempting to access the same device are killed. In the lower security defaults, stopio(S) is not called. This feature is enabled by default when the High security default is selected, but it can be enabled or disabled by modifying the SECSTOPIO kernel parameter. A value of 0 disables this feature.
These parameters can be changed by invoking the configure(ADM) command and selecting category 8: ``Security,'' and changing the parameter desired. The kernel must then be relinked and booted for the new behavior to take effect. See ``Relinking the kernel'' in the SCO OpenServer Handbook.