What's the status of the project?
rwatson at FreeBSD.org
Sun Jun 10 16:23:33 GMT 2001
Well, part of the current status has involved my moving 400+ miles last
week, and hence not making any progress, or pulling any progress out of
anyone else :-). The status of various TrustedBSD components at this
point seems to be:

TrustedBSD EAs:
    Kernel and userland libraries/tools committed to base FreeBSD
    source tree for inclusion in 5.0-RELEASE. This implementation uses
    backing files, but we're in the process of negotiating work to do
    this at the block level in the file system, and to improve
    integration with soft updates. These improvements will most likely
    go into FreeBSD 6.0-RELEASE. Application integration, such as into
    tar, is underway.

TrustedBSD ACLs:
    Kernel and userland libraries/tools committed to base FreeBSD
    source tree; userland application integration a work in progress
    (i.e., mv preserving ACLs across file systems).

TrustedBSD Capabilities:
    Kernel and userland libraries/tools completed, but not integrated
    back into the base source tree yet (hope to start this in the next
    few weeks); application and boot integration is a work in progress.
    We hope to have the completed kernel support in 5.0-RELEASE, but
    leave userland integration for the base system

TrustedBSD MAC:
    Initial implementation prototyped, but a reimplementation is
    underway relying on generic object labels, see below. This initial
    prototype enforced protections on processes and files, but didn't
    enforce protections regarding some forms of IPC or the network
    stack.

TrustedBSD Object Labels:
    Generic object labels abstract out protection behavior for
    kernel-maintained objects, allowing that behavior to be more easily
    substituted with new security models. Initial prototyping is
    underway, and we've successfully protected a number of kernel
    objects using them, as well as demonstrated compile-time

TrustedBSD Auditing:
    On the drawing board still.

Areas where patches will likely be released in the near future include an
updated MAC patch based on the initial prototype, an initial release of
object labeling with a MAC implementation based on it, an updated
capability release, and updates to base system applications to support EAs
and ACLs. I'll let Chris and Thomas speak to possible timelines on the
bits of those that they're working on :-).
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org NAI Labs, Safeport Network Services
On Mon, 4 Jun 2001, Ilmar S. Habibulin wrote:
> Hello guys.
> Just want to ask if there are any new patches to test and work on.
> The list became too silent, I think. ;-)
> To Unsubscribe: send mail to majordomo at trustedbsd.org
> with "unsubscribe trustedbsd-discuss" in the body of the message