DOCSLIB.ORG

Porting NSA Security Enhanced Linux to Hand-Held Devices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Porting NSA Security Enhanced Linux to Hand-Held Devices Porting NSA Security Enhanced Linux to Hand-held devices Russell Coker [email protected] http://www.coker.com.au/ Abstract process. In addition to the use of domains and types In the first part of this paper I will describe how for access control SE Linux tracks the identity I ported SE Linux to User-Mode-Linux and to of the user (which will be system_u for pro- the ARM CPU. I will focus on providing infor- cesses that are part of the operating system or mation that is useful to people who are porting the Unix user-name) and the role. Each identity to other platforms as well. In the second part will have a list of roles that it is permitted to as- I will describe the changes necessary to appli- sume, and each role will have a list of domains cations and security policy to run on small de- that it may use. This gives a high level of con- vices. This will be focussed on hand-held de- trol over the actions of a user which is tracked vices but can also be used for embedded appli- through the system. When the user runs SUID cations such as router or firewall type devices, or SGID programs the original identity will and any machine that has limited memory and still be tracked and their privileges in the SE se- storage. curity scheme will not change. This is very dif- ferent to the standard Unix permissions where 1 Introduction after a SUID program runs another SUID pro- gram it’s impossible to determine who ran the SE Linux offers significant benefits for secu- original process. Also of note is the fact that rity. It accomplishes this by adding another operations that are denied by the security pol- layer of security in addition to the default Unix icy [1] have the identity of the process in ques- permissions model. This is achieved by firstly tion logged. assigning a type to every file, device, network I often run SE Linux demonstration machines socket, etc. Then every process has a domain, on the Internet which provide root access to the and the level of access permitted to a type is world and an invitation to try and break the se- determined by the domain of the process that is curity. [2] attempting the access (in addition to the usual Unix permission checks). Domains may only For a detailed description of how SE Linux be changed at process execution time. The do- works I recommend reading the paper Peter main may automatically be changed when a Loscocco presented at OLS in 2001 [3]. process is executed based on the type of the executable program file and the domain of the SE Linux has been shown to provide sig- process that is executing it, or a privileged pro- nificant security benefits for little overhead cess may specify the new domain for the child on servers, desktop workstations, and laptops. Linux Symposium 118 However it has not had much use in embedded uses 52 different system calls through this in- devices yet. terface. Due to problems in porting the kernel code to some platforms (particularly those that Some people believe that SE Linux is only have a mixed 32 and 64bit memory model) the needed for server systems. I think that is in- decision was made to change the LSM inter- correct, and I believe that in many situations face for kernel 2.6.0. The new interface will laptops and hand-held devices need more pro- make the code fully portable and remove the tection than servers. A server will usually have painful porting work that is currently required. a firewall protecting it, with a small number However I needed to have SE Linux working of running applications which are well main- with the 2.4.x kernels so I couldn’t wait for ker- tained and easy to upgrade. Portable comput- nel 2.6.0. ers are often used in hostile environments that servers do not experience, they have no fire- The main difficulty in porting the code is the walls to protect them, and often they are con- system call execve_secure() which is used to nected to routers operated by potentially negli- specify the security context for the new pro- gent or hostile organizations. cess. This calls the kernel funtion do_exec() to perform the execution, and do_exec() needs a But there are two main factors that cause an pointer to the stack, thus requiring architecture increased need for security on portable devices. specific code in the sys_execve_secure() func- One is that it is usually extremely difficult and tion. The sys_security_selinux_worker() func- expensive to upgrade them if a new security fix tion (which determines which SE Linux sys- is needed. This means that in commercial use tem call is desired and passes the appropriate portable computers tend to never have security parameters to it) calls sys_execve_secure() and fixes applied. Another factor is that often the therefore also needs architecture specific code, person in posession of a hand-held computer is and so does the main system call sys_security_ not authorised to access all the data it contains, selinux(). and may even be hostile to the owner of the machine. My first port of SE Linux was to User-Mode Linux [5]. This was a practice effort for the Naturally for a full security solution for main porting work. It is quite easy to debug portable computers a strong encryption system kernel code under UML, and as it uses the i386 will need to be used for all persistent file sys- system call interface I could port the kernel tems. There are various methods of doing this, code without any need to port application code. but all aspects of such encryption are outside the scope of this project and can be imple- The main architecture dependent code is mented independently. in the source file security/selinux/ arch/i386/wrapper.c, which has code to look on the stack for the contents of par- 2 Kernel Porting ticular registers. This needs to be changed for platforms with different register names, and for The current stable series of SE Linux is based UML which does not permit such direct access on the 2.4.x kernels and uses the Linux Secu- of registers. rity Modules (LSM) [4] interface. The current LSM interface has a single sys_security() sys- The solution in the case of UML was to not tem call that is used to multiplex all the system have a wrapper function, as the current struc- calls for all of the security modules. SE Linux ture had a pointer to the stack anyway that Linux Symposium 119 could be used inside the sys_execve_secure() you are stuck with a memory limit of 64M. function. So I renamed the sys_security_ selinux_worker() function to sys_security_ The flash storage in an iPaQ can only be writ- selinux() for the UML port and entirely re- ten a limited number of times, this combined moved all reference to the wrapper. Then with the small amount of storage makes it im- I moved the implementation of sys_execve_ possible to use a swap space for virtual mem- secure() into the platform specific directory ory unless you purchase a special sleeve for us- and implemented a different version for each ing an external hard drive. Attaching an exter- port. nal hard drive such as the IBM/Hitachi Micro Drive is expensive and bulky. Therefore if you This was essentially all that was required to have a limited budget then storage expansion complete the port, the core code of SE Linux (for increased file storage or swap space) is not was all cleanly written and could just be com- an option. piled. The only other work involved getting the Makefile’s correctly configured, and adding a For storing files, the 32M file system can con- hook to sys_ptrace(). tain quite a lot. The Familiar distribution is op- timised for low overheads (no documentation One thing I did differently with my port to the or man pages) and all programs are optimised ARM architecture was that I removed the code for size not speed. Also the JFFS2 [7] file to replace the system call entry. When the SE system used by Familiar supports several com- Linux kernel code loads on UML and i386 it pression algorithms including the Lempel-Ziv replaces the system call with a direct call to the algorithm implemented in zlib, so more than SE Linux code (rather than using the option for 32M of files can fit in storage. LSM to multiplex between different modules). As there is currently no support for having SE For a system such as SE Linux to be viable on Linux be a loadable module there seems to be an iPaQ it has to take up a small portion of the no benefit in this, and it seems that on ARM 32M of flash storage and 64M of RAM, and there will be more overhead for adding an extra not require any long CPU intensive operations. level of indirection for this. So I made the SE Finally the screen of an iPaQ only has a reso- Linux patch hard-code the SE system call into lution of 240x320 and the default input device the sys-call table. is a keyboard displayed on the screen. This makes an iPaQ unsuitable for interactive tasks 3 iPaQ Design Constraints that involve security contexts as it takes too much typing to enter them and too much screen space to display them.
Load more

Recommended publications
  • Version 7.8-Systemd
    Linux From Scratch Version 7.8-systemd Created by Gerard Beekmans Edited by Douglas R. Reno Linux From Scratch: Version 7.8-systemd by Created by Gerard Beekmans and Edited by Douglas R. Reno Copyright © 1999-2015 Gerard Beekmans Copyright © 1999-2015, Gerard Beekmans All rights reserved. This book is licensed under a Creative Commons License. Computer instructions may be extracted from the book under the MIT License. Linux® is a registered trademark of Linus Torvalds. Linux From Scratch - Version 7.8-systemd Table of Contents Preface .......................................................................................................................................................................... vii i. Foreword ............................................................................................................................................................. vii ii. Audience ............................................................................................................................................................ vii iii. LFS Target Architectures ................................................................................................................................ viii iv. LFS and Standards ............................................................................................................................................ ix v. Rationale for Packages in the Book .................................................................................................................... x vi. Prerequisites
    [Show full text]
  • The Complete Freebsd
    The Complete FreeBSD® If you find errors in this book, please report them to Greg Lehey <grog@Free- BSD.org> for inclusion in the errata list. The Complete FreeBSD® Fourth Edition Tenth anniversary version, 24 February 2006 Greg Lehey The Complete FreeBSD® by Greg Lehey <[email protected]> Copyright © 1996, 1997, 1999, 2002, 2003, 2006 by Greg Lehey. This book is licensed under the Creative Commons “Attribution-NonCommercial-ShareAlike 2.5” license. The full text is located at http://creativecommons.org/licenses/by-nc-sa/2.5/legalcode. You are free: • to copy, distribute, display, and perform the work • to make derivative works under the following conditions: • Attribution. You must attribute the work in the manner specified by the author or licensor. • Noncommercial. You may not use this work for commercial purposes. This clause is modified from the original by the provision: You may use this book for commercial purposes if you pay me the sum of USD 20 per copy printed (whether sold or not). You must also agree to allow inspection of printing records and other material necessary to confirm the royalty sums. The purpose of this clause is to make it attractive to negotiate sensible royalties before printing. • Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. • For any reuse or distribution, you must make clear to others the license terms of this work. • Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above.
    [Show full text]
  • CSCE 451/851 Operating Systems Principles the UNIX Operating System Processes &
    Page 1 The UNIX Operating System History ◆ The original UNIX 1 » An experimental operating system developed by Ken Thompson & Dennis Ritchie in the late ‘60s ◆ Main variants (“Standards”) »System V »POSIX ❖developed by AT&T, now ❖IEEE/ISO owned by UNIX International »FreeBSD » 4.4 BSD ❖ Open Software Foundation »Linux ◆ Commercial products » Ultrix, DEC UNIX — DEC » AIX — IBM » SunOS, Solaris — Sun » Xenix — Microsoft » HP/UX — Hewlett Packard » ... 2 Lecture 4 Steve Goddard [email protected] Processes & IPC The UNIX OperatingThe System http://www.cse.unl.edu/~goddard/Courses/CSCE451 CSCE 451/851 Operating Systems Principles CSCE 451/851 Steve Goddard Lecture 4 Page 2 CSCE 451/851 CSCE Steve Goddard The UNIX Operating System The UNIX Operating System Processes Processes ◆ A process is created by the fork() system call ◆ Alternatively, processes can be “created” by an exec() » creates a new address space that is a duplicate of the callers » replaces the memory image of the caller with a new program Parent address space “parent” “child” main (argc, argv) address space address space int childpid; main() prog() childpid = 1 { { { switch (childpid = fork()) { exec( prog) case 0: /* child */ } } child_func(); exit(0); default: /* parent */ ◆ This is how the shell executes commands parent_func(); while(wait((int *) 0) != childpid); »a fork() followed by an exec() exit(0); Child address space case -1: /* oops */ csh wait() error("fork:%s\n",sys_errlist[errno]); childpid = 0 fork() } } csh ls exec() 3 4 CSCE 451/851 CSCE 451/851 Steve Goddard
    [Show full text]
  • Solaris X Window System Reference Manual
    Solaris X Window System Reference Manual Sun Microsystems, Inc. 2550 Garcia Avenue Mountain View, CA 94043 U.S.A. 1995 Sun Microsystems, Inc., 2550 Garcia Avenue, Mountain View, California 94043-1100 USA. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Portions of this product may be derived from the UNIX system, licensed from UNIX System Laboratories, Inc., a wholly owned subsidiary of Novell, Inc., and from the Berkeley 4.3 BSD system, licensed from the University of California. Third- party software, including font technology in this product, is protected by copyright and licensed from Sun's Suppliers. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. The product described in this manual may be protected by one or more U.S. patents, foreign patents, or pending applications. TRADEMARKS Sun, Sun Microsystems, the Sun logo, SunSoft, the SunSoft logo, Solaris, SunOS, OpenWindows, DeskSet, ONC, ONC+, and NFS are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. OPEN LOOK is a registered trademark of Novell, Inc.
    [Show full text]
  • Busybox Command Descriptions Addgroup Addgroup [-G GID] Group Name [User Name] Adds a Group to the System Options
    DIL/NetPC – User Information BusyBox Command Descriptions addgroup addgroup [-g GID] group_name [user_name] Adds a group to the system Options: -g GID specify gid ------------------------------- adduser adduser [OPTIONS] user_name Adds a user to the system Options: -h DIR Assign home directory DIR -g GECOS Assign gecos field GECOS -s SHELL Assign login shell SHELL -G Add the user to existing group GROUP -S create a system user (ignored) -D Do not assign a password (logins still possible via ssh) -H Do not create the home directory ------------------------------- adjtimex adjtimex [-q] [-o offset] [-f frequency] [-p timeconstant] [-t tick] Reads and optionally sets system timebase parameters. See adjtimex(2). Options: -q quiet mode - do not print -o offset time offset, microseconds -f frequency frequency adjust, integer kernel units (65536 is 1ppm) (positive values make the system clock run fast) -t tick microseconds per tick, usually 10000 -p timeconstant SSV EMBEDDED SYSTEMS 2004, BusyBoxCommandDescription.doc, Rev. 1.00. 1 DIL/NetPC – User Information ------------------------------- ar ar [-o] [-v] [-p] [-t] [-x] ARCHIVE FILES Extract or list FILES from an ar archive. Options: -o preserve original dates -p extract to stdout -t list -x extract -v verbosely list files processed ------------------------------- arping arping [-fqbDUA] [-c count] [-w timeout] [-I device] [-s sender] target Ping hosts by ARP requests/replies. Options: -f Quit on first ARP reply -q Be quiet -b Keep broadcasting, don't go unicast -D Duplicated address detection mode -U Unsolicited ARP mode, update your neighbours -A ARP answer mode, update your neighbours -c count Stop after sending count ARP request packets -w timeout Time to wait for ARP reply, in seconds -I device Outgoing interface name, default is eth0 -s sender Set specific sender IP address target Target IP address of ARP request ------------------------------- ash ash [FILE]..
    [Show full text]
  • System Programming
    System Programming Abdul-Rahman Mahmood http://alphapeeler.sourceforge.net http://pk.linkedin.com/in/armahmood abdulmahmood-sss twitter.com/alphapeeler alphapeeler.sourceforge.net/pubkeys/pkey.htm VC++, VB, ASP 1 About the instructor:Roles/Skills ROLES # Y ORGANIZATIONS Chief Technology Officer 4.2 Riysoft PVT LTD Consultant / Head Crypto Div– MOD 3.0 Ministry of Defense , RikSof, SecureBytes, RT Japan, Pyntail, SSS Proj Manager, Team Lead, OG-I 1.5 National Bank – Head Office (IT Group) Proj Coord / Analyst / Tech Lead 2.5 Plexus (Global Partner - WSI International, Canada.) QMR / Proj / Process / HR Manager 1.5 Softech Worldwide L.L.C. (A US based software house ) IT Manager (Computer Engineer) 1.5 Peritech Intl.– Nagoya, Japan Sr. Software Engineer 3.5 Infinilogic Pvt. Ltd. (A UK based software house) TECHNICAL SKILLS DETAILS Languages & Tools C++, C#, ObjectiveC, PHP,ASP,VC,VB,COM,MTS,ATL,HTML,JScript,Qt Mobile App Development Tools X-Code 3.2/4.0, Titanium. ADT, MS Silverlight 4, Expression Blend Project Management Dot project, MS Project, Mind manager 6 pro, net office. Software Architecture Rational rose, Design for databases, Erwin modeler, MS Visio 2003 Quality Assurance Testog, PVCS tracker, Requisite pro, Mantus BT Configuration & Content Mgmt. Subversion, CVS, VSS, Git, SharePoint, Mambo Server, Wordpress, Durpal Databases / RDBMS Mysql, Postgres, Oracle, MSSQL, MS Access, SQLite Server Administration Win server, SUSE Linux, Apache / IIS, postfix, openxpki, samba, privoxy Reporting Tools Crystal Reports 8.5, Microsoft SQL server reporting Services. CERTIFICATIONS / WORKSHOPS CERTIFICATIONS YEAR INSTITUTION DETAILS QMR certification 2005 Softech worldwide L.L.C (USA) Quality Management Rep. Quality Auditing 2005 Pakistan Institute of Quality Control ISO 9001:200 Brainbench Certifications 2001 Brainbench Corporation, 14425 Penrose Place, Suite VC Transcript ID: 2574319 MS Visual C++, ASP, MS Visual 150, Chantilly, VA 20151, U.S.A.
    [Show full text]
  • Remote-Serial-Console-HOWTO.Pdf
    Remote Serial Console HOWTO Glen Turner Australian Academic and Research Network <[email protected]> Mark F. Komarinski <mkomarinskiATwayga.org> v2.6 2003−03−31 Revision History Revision 2.6 2003−03−31 Revised by: gdt Correct opposing CTS/RTS explanations. Use <quote> in markup. TLDP PDF is now good, so remove instructions for rendering PostScript to PDF. Typo in GRUB configuration. Revision 2.5 2003−01−20 Revised by: gdt Only one console per technology type. Setting timezone. Use off parameter rather than comments in inittab. Cable lengths. Revision 2.4 2002−10−03 Revised by: gdt Kernel flow control bug, more cabling, Debian, Livingston Portmaster, typos (especially those found during translation to Japanese). Revision 2.3 2002−07−11 Revised by: gdt Updates for Red Hat Linux 7.3, corrections to serial port speeds and UARTs, ioctlsave. Revision 2.2 2002−05−22 Revised by: gdt Minor changes Revision 2.1 2002−05−16 Revised by: gdt Corrections to kernel console syntax. Addition of USB and devfs. Revision 2.0 2002−02−02 Revised by: gdt Second edition. Revision d1.0 2001−03−20 Revised by: mfk First edition. An RS−232 serial console allows Linux to be controlled from a terminal or modem attached to an asynchronous serial port. The monitor, mouse and keyboard are no longer required for system administration. Serial consoles are useful where Linux systems are deployed at remote sites or are deployed in high−density racks. This HOWTO describes how to configure Linux to attach a serial console. Dedication Glen Turner would like to thank his family for allowing him to work on this project for the surprisingly large number of evenings which it took to write this HOWTO.
    [Show full text]
  • System Administration Guide: Advanced Administration
    System Administration Guide: Advanced Administration Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 819–2380–13 May 2008 Copyright 2008 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, OpenSolaris, Sun xVM hypervisor, and Solaris aretrademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. Adobe is a registered trademark of Adobe Systems, Incorporated. PostScript is a trademark or registered trademark of Adobe Systems, Incorporated, which may be registered in certain jurisdictions.
    [Show full text]
  • Unix Tutorial
    Unix About the Tutorial Unix is a computer Operating System which is capable of handling activities from multiple users at the same time. The development of Unix started around 1969 at AT&T Bell Labs by Ken Thompson and Dennis Ritchie. This tutorial gives a very good understanding on Unix. Audience This tutorial has been prepared for the beginners to help them understand the basics to advanced concepts covering Unix commands, Unix shell scripting and various utilities. Prerequisites We assume you have adequate exposure to Operating Systems and their functionalities. A basic understanding on various computer concepts will also help you in understanding the various exercises given in this tutorial. Execute Unix Shell Programs If you are willing to learn the Unix/Linux basic commands and Shell script but you do not have a setup for the same, then do not worry — The CodingGround is available on a high- end dedicated server giving you real programming experience with the comfort of single- click execution. Yes! It is absolutely free and online. Copyright & Disclaimer Copyright 2016 by Tutorials Point (I) Pvt. Ltd. All the content and graphics published in this e-book are the property of Tutorials Point (I) Pvt. Ltd. The user of this e-book is prohibited to reuse, retain, copy, distribute or republish any contents or a part of contents of this e-book in any manner without written consent of the publisher. We strive to update the contents of our website and tutorials as timely and as precisely as possible, however, the contents may contain inaccuracies or errors.
    [Show full text]
  • Table of Contents
    From−PowerUp−To−Bash−Prompt−HOWTO From−PowerUp−To−Bash−Prompt−HOWTO Table of Contents From Power Up To Bash Prompt......................................................................................................................1 Greg O'Keefe, gcokeefe@postoffice.utas.edu.au....................................................................................1 1. Introduction..........................................................................................................................................1 2. Hardware..............................................................................................................................................1 3. Lilo.......................................................................................................................................................1 4. The Linux Kernel.................................................................................................................................1 5. The GNU C Library.............................................................................................................................1 6. Init........................................................................................................................................................1 7. The Filesystem.....................................................................................................................................2 8. Kernel Daemons...................................................................................................................................2
    [Show full text]
  • Embedded Linux Systems: Using Buildroot for Building Embedded Linux Systems on Rasbperry Pi 3 Model B
    Dpto de Telemática y Electrónica Universidad Politécnica de Madrid Embedded Linux Systems Using Buildroot for building Embedded Linux Systems on Raspberry Pi 3 Model B Sergio Esquembri 2018 ETSIS. Telecomunicación – Universidad Politécnica de Madrid Page 1 of 39 Acknoledgements This document is based on a previous work using RPI Model B of my colleagues Dr. Mariano Ruiz and Dr. Francisco Javier Jímenez from the Department of Telematics and Electronics Engineering of the Technical University of Madrid. Embedded Linux Systems: Using Buildroot for building Embedded Linux Systems on Raspberry Pi 3 Model B by Sergio Esquembri is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Page 2 of 39 Table of contents 1 SCOPE ........................................................................................................................................ 5 Document Overview .............................................................................................................. 5 Acronyms .............................................................................................................................. 5 2 REFERENCED DOCUMENTS ......................................................................................................... 6 References ............................................................................................................................. 6 3 BUILDING LINUX USING BUILDROOT ........................................................................................... 7 Elements
    [Show full text]
  • Solaris 1.X to 2.X Transition Guide
    Solaris 1.x to Solaris 2.x Transition Guide 2550 Garcia Avenue Mountain View, CA 94043 U.S.A. Part No: 802-1967-10 A Sun Microsystems, Inc. Business Revision A, November 1995 1995 Sun Microsystems, Inc. 2550 Garcia Avenue, Mountain View, California 94043-1100 U.S.A. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Portions of this product may be derived from the UNIX® system, licensed from UNIX System Laboratories, Inc., a wholly owned subsidiary of Novell, Inc., and from the Berkeley 4.3 BSD system, licensed from the University of California. Third-party software, including font technology in this product, is protected by copyright and licensed from Sun’s suppliers. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. The product described in this manual may be protected by one or more U.S. patents, foreign patents, or pending applications. TRADEMARKS Sun, Sun Microsystems, the Sun logo, SunSoft, the SunSoft logo, Solaris, SunOS, OpenWindows, DeskSet, ONC, ONC+, and NFS are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd.
    [Show full text]