mac_partition and /sbin/init

Kenny Freeman freeman at cs.dal.ca
Thu Sep 25 18:26:04 GMT 2003


On September 25, 2003 12:28 pm, Robert Watson wrote:
[SNIP]
> Yes, that would be pretty easy to do actually: the conversion to and from
> text occurs in the kernel in the mac_partition internalize/externalize
> routines.  I haven't compiled/tested it, but the attached patch might be
> close to what you want.  It still interprets partition/0 as "none", but
> now exports "partition/0" as "partition/none", and knows that
> "partition/none" is the same as "partition/0" on import.

Cool, that would make things a whole lot less confusing for people just 
getting started with the mac modules. Now that I know partition/0 == 
partition/none it makes no difference to me but might to other peeps.

>
> > I guess I'm going to have to put in a few rc scripts to
> > start these jails up. Using the jail util like:
> >
> > jail_dnscache_exec="/usr/sbin/setpmac partition/1 /bin/sh /etc/rc"
> >
> >  I get permission denied errors when setting the partition to anything
> > other than none, presumably because the process has already been put
> > inside the jail when the setpmac util is run.
>
> Yeah.  Currently, processes in jail aren't permitted to change the
> partition label, so you have to put it in the partition first.  Note that
> the only real effect of the partition module in this case will be to
> reinforce the existing protections, I believe.

I like that - processes inside a jail should not be able to change their 
partition label. It looks like you're right about the effect of the partition 
module. If I start a jail up normally I can only see the processes inside the 
jail, same thing goes for starting it in a different partition, just has 
another layer to get through. I'm just getting started working with jails + 
mac...

[SNIP]

> Are you looking more for theory behind them, or for documentation about
> specifically implementing them?  The original Biba and Bell-La Padula
> papers are a good source for the theory.  In terms of implementing them on
> FreeBSD, that's an area where we're lacking on the documentation side and
> need to work to improve things.
>

Hrmm. What I'm looking for is something that tells me how to use the modules 
from a sysadmin pov. By that I mean examples that show some method of 
selecting a biba/lomac/mls label for a given file/user/etc and why it helps 
to secure the system. 

What I have in mind atm is to create a database that will hold information 
about all files on the system. I'd like to create a few cgi scripts to be 
able to look at these files and be able to see how the system comes up ( init 
-> /etc/rc -> /etc/rc.d/... -> ... ). From that information I could start to 
build a biba/lomac/mls/etc policy that would help secure the system, keeping 
this policy in the db as well. I'm looking at this from the pov of containing 
any network accessible processes so that even if there are multiple exploits 
they will still be contained to a known set of files/processes. Having a nice 
graphical representation of the system's process tree would help.

This is no weekend project for sure.  The docs that I've been able to find on 
biba and lomac don't get into example policies, only theory and 
implementation details. I guess this would be because it takes a long time to 
develop proper policies for real systems.


> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert at fledge.watson.org      Network Associates Laboratories
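The ordering constraint discussed above (a process already inside a jail may not change its mac_partition label, so the partition has to be set before jail entry) as an added sh example. This is not code from the thread or from FreeBSD; the jail path, hostname and address are constructed sample values, and the label validator accepts the two spellings the thread mentions, partition/none and partition/N.

```shell
#!/bin/sh
# Added example, not from the original thread. It composes a jail start
# command in which setpmac(8) wraps jail(8), so the partition label is
# applied before the process is confined, instead of the failing form
# jail_dnscache_exec="/usr/sbin/setpmac partition/1 /bin/sh /etc/rc",
# where setpmac only runs once the process is already in the jail.

# Accept "partition/none" or "partition/<non-negative integer>" and reject
# anything else, so a typo does not silently land a jail in the wrong
# partition (partition/0 and partition/none mean the same thing).
valid_partition_label() {
    case "$1" in
        partition/none) return 0 ;;
        partition/*)
            n=${1#partition/}
            case "$n" in
                ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
                *) return 0 ;;
            esac ;;
        *) return 1 ;;
    esac
}

# Print the command line that starts a jail inside the given partition.
# Arguments: label, jail root path, jail hostname, jail IP address.
# setpmac runs outside the jail; jail(8) then confines the already
# labelled process and runs /bin/sh /etc/rc inside it.
jail_in_partition_cmd() {
    label=$1; root=$2; host=$3; addr=$4
    valid_partition_label "$label" || return 1
    printf '/usr/sbin/setpmac %s /usr/sbin/jail %s %s %s /bin/sh /etc/rc\n' \
        "$label" "$root" "$host" "$addr"
}

# When run directly with four arguments, print the command for review
# (constructed usage: ./jailpart.sh partition/1 /usr/jails/dnscache dnscache 10.0.0.2).
if [ "$#" -eq 4 ]; then
    jail_in_partition_cmd "$1" "$2" "$3" "$4" || {
        echo "bad partition label: $1" >&2
        exit 1
    }
fi
```

The script only prints the command line; paste the output into the rc script that starts the jail, or run it under the same root privileges jail(8) needs.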
