A security checklist for system integrators

QNX SDP 8.0, QNX OS System Security Guide

Follow these recommendations (described in more detail in this chapter and elsewhere) to help create a secure QNX OS system:

Feature or task | More information
Use security policies to enforce a centralized mechanism for controlling the privileges given to processes. | Security policies
Run each service with its own unique security policy type. | Using security policy types
Run each service with a user ID and primary group ID that isn't used by any other service or application. It can be helpful to use the same value for the user ID and primary group ID. | User IDs for system services
For granting remote access to the system, use a method that doesn't rely on a default or shared password. PAM or X.509 certificates can be used to enforce authentication that is unique to the specific instance of the system. | Systems without passwords
Use the secure boot mechanism to prevent the booting of modified versions of bootloaders, QNX IFSs, or integrity-protected filesystems. | Secure boot
Do not disable address space layout randomization (ASLR), which varies the location of data and instructions each time an executable is loaded. | Address space layout randomization (ASLR)
Set the file-creation mask (umask; via the umask utility) to a restrictive value on system boot (e.g., 0022). | umask
Set POSIX permissions (including user and group ownership) on filesystem objects so that you grant read, write, and execute access only to processes that require it. In some cases, it might be necessary to use POSIX ACLs to manage permissions. | POSIX permissions
Do not make a program setuid unless it was explicitly designed to be run that way. | Setuid and setgid programs
Secure filesystems and mount points (e.g., use the mount utility option nosuid to block all setuid binaries and the option trusted to enable pathtrust). | The mount entry in the Utilities Reference
Do not use unioned filesystems. | Unioned filesystems
Use the procnto options -d 0777 -u 0777 to remove all default access to the /proc filesystem. | The /proc filesystem
Do not ship qconn on production systems. | The qconn entry in the Utilities Reference
Enable the pathtrust feature to prevent privileged processes from executing untrusted code. | Pathtrust

In addition to detailed discussions of and instructions for the features in this essentials list, this chapter covers further features that add security or that apply only in specific environments.
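As an added example (not code from the QNX guide), a POSIX shell script with three audit helpers for the umask, unique-ID and nosuid items in the checklist above. The input line formats are constructed for this example and are assumptions, not the output of any QNX utility.

```shell
#!/bin/sh
# Added audit helpers for three checklist items: umask baseline, unique
# UID/GID per service, and nosuid on mounts. All input formats below are
# assumptions for this example, not the output of any QNX utility; feed
# them from the real system's data once the formats are confirmed.

# umask_restrictive_enough ACTUAL REQUIRED
# Succeeds if every permission bit cleared by REQUIRED is also cleared by
# ACTUAL, so 0077 satisfies a 0022 baseline but 0002 does not.
umask_restrictive_enough() {
    actual=$(printf '%d' "0$1")      # leading 0 forces octal parsing
    required=$(printf '%d' "0$2")
    [ $(( actual & required )) -eq "$required" ]
}

# ids_unique: reads "service uid gid" lines on stdin (assumed format) and
# fails, naming the offender, if any UID or GID is shared by two services.
ids_unique() {
    awk '{ if (uid[$2]++) { print "uid " $2 " reused by " $1; bad = 1 }
           if (gid[$3]++) { print "gid " $3 " reused by " $1; bad = 1 } }
         END { exit bad ? 1 : 0 }'
}

# mounts_nosuid: reads "mountpoint opt1,opt2,..." lines on stdin (assumed
# format) and fails for every mount whose option list lacks nosuid.
mounts_nosuid() {
    awk '{ n = split($2, opt, ","); ok = 0
           for (i = 1; i <= n; i++) if (opt[i] == "nosuid") ok = 1
           if (!ok) { print "nosuid missing on " $1; bad = 1 } }
         END { exit bad ? 1 : 0 }'
}

# Demo on constructed data (svc_b reuses GID 200; /data lacks nosuid).
umask_restrictive_enough "$(umask)" 0022 && echo "umask: ok" \
    || echo "umask: more permissive than 0022"
printf 'svc_a 200 200\nsvc_b 201 200\n' | ids_unique || echo "ids: FAIL"
printf '/ ro,nosuid\n/data rw\n' | mounts_nosuid || echo "mounts: FAIL"
```

Each helper exits non-zero on a finding, so the script can gate a build or boot-time self-check.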
