What's the status of the project?

Robert Watson rwatson at FreeBSD.org
Sun Jun 10 16:23:33 GMT 2001


Well, part of the current status has involved my moving 400+ miles last
week, and hence not making any progress, or pulling any progress out of
anyone else :-).  The status of various TrustedBSD components at this
point seems to be:

TrustedBSD EAs:		Kernel and userland libraries/tools committed to
			base FreeBSD source tree for inclusion in
			5.0-RELEASE.  This implementation uses backing
			files, but we're in the process of negotiating
			work to do this at the block level in the file
			system, and to improve integration with
			soft updates.  These improvements will most
			likely go into FreeBSD 6.0-RELEASE.  Application
			integration, such as into tar, is underway.
TrustedBSD ACLs:	Kernel and userland libraries/tools committed to
			base FreeBSD source tree; userland application
			integration a work in progress (i.e., mv
			preserving ACLs across file systems).
TrustedBSD Capabilities:	Kernel and userland libraries/tools
				completed, but not integrated back into
				the base source tree yet (hope to start
				this in the next few weeks); application
				and boot integration is a work in
				progress.  We hope to have the completed
				kernel support in 5.0-RELEASE, but leave
				userland integration for the base system
				until 6.0-RELEASE.
TrustedBSD MAC:		Initial implementation prototyped, but a
			reimplementation is underway relying on generic
			object labels, see below.  This initial prototype
			enforced protections on processes and files, but
			didn't enforce protections regarding some forms
			of IPC or the network stack.
TrustedBSD Object Labels:	Generic object labels abstract out
				protection behavior for kernel-maintained
				objects, allowing that behavior to be more
				easily substituted with new security
				models.  Initial prototyping is underway,
				and we've successfully protected a number
				of kernel objects using them, as well
				as demonstrated compile-time
				extensibility.
TrustedBSD Auditing:	On the drawing board still.

Areas where patches will likely be released in the near future include an
updated MAC patch based on the initial prototype, an initial release of
object labeling with a MAC implementation based on it, an updated
capability release, and updates to base system applications to support EAs
and ACLs.  I'll let Chris and Thomas speak to possible timelines on the
bits of those that they're working on :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services

On Mon, 4 Jun 2001, Ilmar S. Habibulin wrote:

> 
> Hello guys.
> 
> Just want to ask if there is any new patches to test and work on.
> The list became to silent i think. ;-)
> 
> 
> To Unsubscribe: send mail to majordomo at trustedbsd.org
> with "unsubscribe trustedbsd-discuss" in the body of the message
> 


To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message



More information about the trustedbsd-discuss mailing list