mac_partition and /sbin/init
Kenny Freeman
freeman at cs.dal.ca
Thu Sep 25 18:26:04 GMT 2003
On September 25, 2003 12:28 pm, Robert Watson wrote:
[SNIP]
> Yes, that would be pretty easy to do actually: the conversion to and from
> text occurs in the kernel in the mac_partition internalize/externalize
> routines. I haven't compiled/tested it, but the attached patch might be
> close to what you want. It still interprets partition/0 as "none", but
> now exports "partition/0" as "partition/none", and knows that
> "partition/none" is the same as "partition/0" on import.
Cool, that would make things a whole lot less confusing for people just
getting started with the mac modules. Now that I know partition/0 ==
partition/none it makes no difference to me but might to other peeps.
>
> > I guess I'm going to have to put in a few rc scripts to
> > start these jails up. Using the jail util like:
> >
> > jail_dnscache_exec="/usr/sbin/setpmac partition/1 /bin/sh /etc/rc"
> >
> > I get permission denied errors when setting the partition to anything
> > other than none, presumably because the process has already been put
> > inside the jail when the setpmac util is run.
>
> Yeah. Currently, processes in jail aren't permitted to change the
> partition label, so you have to put it in the partition first. Note that
> the only real effect of the partition module in this case will be to
> reinforce the existing protections, I believe.
I like that - processes inside a jail should not be able to change their
partition label. It looks like you're right about the effect of the partition
module. If I start a jail up normally I can only see the processes inside the
jail, same thing goes for starting it in a different partition, just has
another layer to get through. I'm just getting started working with jails +
mac...
[SNIP]
> Are you looking more for theory behind them, or for documentation about
> specifically implementing them? The original Biba and Bell-La Padula
> papers are a good source for the theory. In terms of implementing them on
> FreeBSD, that's an area where we're lacking on the documentation side and
> need to work to improve things.
>
Hrmm. What I'm looking for is something that tells me how to use the modules
from a sysadmin pov. By that I mean examples that show some method of
selecting a biba/lomac/mls label for a given file/user/etc and why it helps
to secure the system.
What I have in mind atm is to create a database that will hold information
about all files on the system. I'd like to create a few cgi scripts to be
able to look at these files and be able to see how the system comes up (init
-> /etc/rc -> /etc/rc.d/... -> ...). From that information I could start to
build a biba/lomac/mls/etc policy that would help secure the system, keeping
this policy in the db as well. I'm looking at this from the pov of containing
any network accessible processes so that even if there are multiple exploits
they will still be contained to a known set of files/processes. Having a nice
graphical representation of the system's process tree would help.
This is no weekend project for sure. The docs that I've been able to find on
biba and lomac don't get into example policies, only theory and
implementation details. I guess this would be because it takes a long time to
develop proper policies for real systems.
> Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
> robert at fledge.watson.org Network Associates Laboratories
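As an added illustration (not code from this thread or from FreeBSD), a small Python model of the three rules discussed above: the label convention the patch introduces ("partition/0" and "partition/none" are the same label, exported as "partition/none"), the partition module's visibility rule, and the rule that a jailed process cannot change its partition. The `Subject` type, the function names and the use of errno values as return codes are my assumptions; the real kernel routines are more involved.

```python
"""Constructed model of mac_partition label handling as described in the thread.

Not the FreeBSD kernel code: a simplified rendering of the internalize/
externalize convention, the visibility check and the no-relabel-in-jail rule.
"""
import errno
from dataclasses import dataclass

LABEL_PREFIX = "partition/"


def internalize(text: str) -> int:
    """Parse a text label into a partition number; 'none' and '0' are equal."""
    if not text.startswith(LABEL_PREFIX):
        raise ValueError(f"not a partition label: {text!r}")
    value = text[len(LABEL_PREFIX):]
    if value == "none":
        return 0
    if not value.isdigit():
        raise ValueError(f"bad partition value: {value!r}")
    return int(value)


def externalize(partition: int) -> str:
    """Render a partition number as text; 0 is exported as 'partition/none'."""
    if partition < 0:
        raise ValueError("partition numbers are non-negative")
    return LABEL_PREFIX + ("none" if partition == 0 else str(partition))


@dataclass
class Subject:  # assumed shape: a process's partition and jail status
    partition: int
    jailed: bool = False


def check_visible(subject: Subject, object_partition: int) -> int:
    """0 if the subject may see the object; otherwise ESRCH (object looks absent).

    Partition 0 ("none") is unrestricted; any other partition only sees itself.
    """
    if subject.partition == 0 or subject.partition == object_partition:
        return 0
    return errno.ESRCH


def check_relabel(subject: Subject, new_label: str) -> int:
    """0 if the subject may take new_label; EPERM when a jailed process tries
    to move to a different partition (setting the same label is not a change)."""
    target = internalize(new_label)
    if subject.jailed and target != subject.partition:
        return errno.EPERM
    return 0
```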