Questions about MAC

Jaroslaw Nozderko jarek at eko.net.pl
Fri Jan 2 15:52:30 PST 2004


FreeBSD 5.1-RELEASE

Hi,

I'm examining the Biba and MLS MAC policies and something is
not clear to me. Unless I'm doing something wrong,
it seems the policies are enforced only for reading, but
not for writing.

1) Biba

I've created a test file with the biba/127 label:

$ echo "Message" > file_biba_127.txt

$ setfmac biba/127 file_biba_127.txt

$ getfmac file_biba_127.txt
file_biba_127.txt: biba/127,mls/low

Trying to read with different labels:

$ setpmac biba/high  more file_biba_127.txt
file_biba_127.txt: Permission denied

$ setpmac biba/128  more file_biba_127.txt
file_biba_127.txt: Permission denied

$ setpmac biba/127  more file_biba_127.txt
Message

$ setpmac biba/126  more file_biba_127.txt
Message

$ setpmac biba/low  more file_biba_127.txt
Message

It looks OK.

- Writing:

$ setpmac biba/high echo "High" >> file_biba_127.txt

$ setpmac biba/128 echo "128" >> file_biba_127.txt

$ setpmac biba/127 echo "127" >> file_biba_127.txt

-- Should the following 2 commands succeed?
$ setpmac biba/126 echo "126" >> file_biba_127.txt
$ setpmac biba/low echo "low" >> file_biba_127.txt

$ setpmac biba/low more file_biba_127.txt
Message
High
128
127
126
low

All writes succeeded, even writing by a process with
biba/126 and biba/low to a file with biba/127. Is this correct?

According to mac_biba(4):

"A subject at a lower integrity level than an object may read the
object, but not write to the object"

2) MLS

As with Biba, I've created a file with mls/127:

$ echo "Message" > file_mls_127.txt

$ setfmac mls/127 file_mls_127.txt

$ getfmac file_mls_127.txt
file_mls_127.txt: biba/high,mls/127

- reading:

$ setpmac mls/high  more file_mls_127.txt
Message

$ setpmac mls/128  more file_mls_127.txt
Message

$ setpmac mls/127  more file_mls_127.txt
Message

$ setpmac mls/126  more file_mls_127.txt
file_mls_127.txt: Permission denied

$ setpmac mls/low  more file_mls_127.txt
file_mls_127.txt: Permission denied

It looks OK.

- writing:

-- Should the following 2 commands succeed?
$ setpmac mls/high echo "High" >> file_mls_127.txt
$ setpmac mls/128 echo "128" >> file_mls_127.txt

$ setpmac mls/127 echo "127" >> file_mls_127.txt
$ setpmac mls/126 echo "126" >> file_mls_127.txt
$ setpmac mls/low echo "Low" >> file_mls_127.txt

$ setpmac mls/high more file_mls_127.txt
Message
High
128
127
126
Low

All writes above succeeded. Should the policy allow a command
run as mls/high or mls/128 to write to a file with mls/127?
Does this conform to the *-property (no write down)?

mac_mls(4) says:

"Subjects may not write to objects with a lower classification level
than its own clearance level"

Am I making some obvious mistake?
Thanks in advance for any help.

Regards,
Jarek
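The following is an added example, not code from the original post or from FreeBSD: a small model of the read/write rules quoted above from mac_biba(4) and mac_mls(4), applied to the labels used in the post. It assumes the grade ordering low < 0 < 1 < ... < 65535 < high for both policies and ignores compartments; the `OBSERVED` table is constructed from the outcomes reported in the post, and `policy_mismatches()` returns exactly the writes the post flags with "Should the following 2 commands succeed?". The model's subject label is the label of the process that actually opens the file; with a shell redirection such as `>>`, that process is the invoking shell rather than the command run under setpmac, so the shell's own label is the one to feed in.

```python
# Added example (not part of the original post): a model of the FreeBSD
# Biba and MLS label ordering and of the read/write rules quoted from
# mac_biba(4) and mac_mls(4). Compartments are ignored; only the grade
# ("low", 0..65535, "high") is modelled. Labels follow the biba/NNN and
# mls/NNN syntax used by setfmac(8)/setpmac(8).

LOW_RANK = -1          # "low" sorts below every numeric grade (assumption)
HIGH_RANK = 65536      # "high" sorts above every numeric grade (assumption)


def parse_label(label: str) -> tuple[str, int]:
    """Split 'biba/127' or 'mls/high' into (policy, rank)."""
    policy, sep, grade = label.partition("/")
    if sep != "/" or policy not in ("biba", "mls"):
        raise ValueError(f"unsupported label: {label!r}")
    if grade == "low":
        return policy, LOW_RANK
    if grade == "high":
        return policy, HIGH_RANK
    rank = int(grade)
    if not 0 <= rank <= 65535:
        raise ValueError(f"grade out of range: {label!r}")
    return policy, rank


def access_allowed(subject: str, obj: str, op: str) -> bool:
    """Return True if a subject (process) labelled `subject` may perform
    `op` ('read' or 'write') on an object (file) labelled `obj`."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op!r}")
    policy, s = parse_label(subject)
    obj_policy, o = parse_label(obj)
    if policy != obj_policy:
        raise ValueError("subject and object labels must use the same policy")
    if policy == "biba":
        # Biba integrity: no read down (simple integrity) and
        # no write up (integrity *-property).
        return o >= s if op == "read" else s >= o
    # MLS confidentiality: no read up (simple security) and
    # no write down (*-property).
    return s >= o if op == "read" else o >= s


# Constructed from the post: (subject label, object label, op, observed result).
OBSERVED = [
    ("biba/high", "biba/127", "read", False),
    ("biba/128", "biba/127", "read", False),
    ("biba/127", "biba/127", "read", True),
    ("biba/126", "biba/127", "read", True),
    ("biba/low", "biba/127", "read", True),
    ("biba/high", "biba/127", "write", True),
    ("biba/128", "biba/127", "write", True),
    ("biba/127", "biba/127", "write", True),
    ("biba/126", "biba/127", "write", True),
    ("biba/low", "biba/127", "write", True),
    ("mls/high", "mls/127", "read", True),
    ("mls/128", "mls/127", "read", True),
    ("mls/127", "mls/127", "read", True),
    ("mls/126", "mls/127", "read", False),
    ("mls/low", "mls/127", "read", False),
    ("mls/high", "mls/127", "write", True),
    ("mls/128", "mls/127", "write", True),
    ("mls/127", "mls/127", "write", True),
    ("mls/126", "mls/127", "write", True),
    ("mls/low", "mls/127", "write", True),
]


def policy_mismatches(observed=OBSERVED) -> list[tuple[str, str, str]]:
    """Return the (subject, object, op) triples whose observed outcome
    differs from what the policy rules predict."""
    return [
        (subject, obj, op)
        for subject, obj, op, seen in observed
        if access_allowed(subject, obj, op) != seen
    ]


if __name__ == "__main__":
    for subject, obj, op in policy_mismatches():
        print(f"{op:5} {subject:9} -> {obj}: policy denies, observed success")
```

Running the block lists the four writes (biba/126 and biba/low to biba/127; mls/high and mls/128 to mls/127) that the quoted man page rules deny; every read outcome in the post agrees with the model.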