Putting together TrustedBSD plans for the FreeBSD 5.x and 6.x branches

Robert Watson rwatson at FreeBSD.org
Sun Oct 17 09:39:52 GMT 2004


Things have been pretty quiet on the TrustedBSD mailing lists recently --
too quiet given that I know a fair amount of work has been going on :-). 
For the past few months I've been pretty occupied with other things at
work, and with the network stack locking work for FreeBSD 5.3, but I'd
like to put together some initial plans for TrustedBSD-related work in
FreeBSD 5.x and 6.x. 

The current status of various components is something like the following:

- ACL support was integrated into FreeBSD 5.x and included as of about
  5.0.  However, support in the command line tools is still weak, and I'd
  like to refine the semantics of the default ACL so that it matches Linux
  and Solaris (i.e., overrides the umask rather than masking the umask as
  specified in POSIX.1eD17).  I'm happy to do the work on the umask part
  of this, but know others have been working on various ACL pieces
  previously, and would love to see them pick up the user space parts.
  bsdtar grew ACL support, so 5.3 ships with the ability to backup and
  restore ACLs, but I haven't used it as yet.  Modifying dump and restore
  to do the same is important.

- Most of the MAC Framework is present in FreeBSD 5.x and 6.x, providing
  protections for files, processes, sockets, etc.  The primary things in
  the TrustedBSD development branches that haven't been merged are
  labeling and access control for System V IPC, Posix semaphores, and some
  of the work on mountpoints and file descriptor labeling.  I'd like to
  merge the System V IPC protections in the next month or so to 6.x, then
  backport to 5.x after it has settled.  This work includes supporting
  changes to break out the kernel data structures from those exposed as
  part of the user space ABI.  Merging these changes will make the version
  of the MAC Framework in FreeBSD much closer to what is needed to run the
  SEBSD FLASK/TE module out of the box. 

- More work needs to be done in the user space for SEBSD integration, and
  with our current MAC policies.  We're doing work related to this on
  Darwin at work, and I hope to be able to reuse results from that work as
  it matures.  In particular, we need to move towards breaking out the
  user label store from login.conf (convenient for development, but not
  for administration), and permit user policies to "do their own thing" in
  looking up and managing labels -- a requirement for SEBSD which
  maintains this state in kernel.  At McAfee Research, we're beginning
  additional work to improve the usability and functionality of the SEBSD
  module.

- Wayne Solomon is working actively in porting over the Darwin audit
  implementation that McAfee Research did, and has most of the basic
  framework up and running.  Andrew Reiter recently stuck up his head so
  I'm hoping we can convince him to dig in as well.  Hopefully one or both
  of them can send out some status on the audit work soon; it's in the
  trustedbsd_audit3 branch of FreeBSD's perforce server for those
  interested -- if it's not yet exported from cvsup10, I'll investigate
  getting it up sometime soon and taking down the trustedbsd_audit branch.
  Need to update the web page also.

- Tom Rhodes has been leading the charge valiantly on improving
  documentation, and has put together a broad range of tutorial content,
  updated man pages, the FreeBSD handbook, etc.  A lot of this would
  benefit from people trying out the things he talks about, reviewing from
  real world use, etc.  I also need to work to update the developer
  documentation in the Developer's Handbook, as the API for modules has
  changed a moderate amount as a result of bug fixes, feedback from module
  writers, and functional enhancements.

What I'd like to do is lay out something like the following:

FreeBSD 5.4 goals:

	- ACL umask behavior changed.
	- MAC Framework includes System V IPC, POSIX IPC support.
	- MAC Framework capable of running SEBSD out of the box in terms
	  of kernel support.

FreeBSD 6.x goals:

	- Everything in FreeBSD 5.4.
	- Native BSM audit support.
	- Support for MAC labeling using IPSEC security associations.
	- Improved privilege granularity supported in the MAC Framework.

There's a lot of room for others to do interesting things, including
improving the quality of the MAC policy modules we ship to better support
use in real-world environments, improving integration into the user
environment, or just testing and experimental deployment to report on the
results and help find rough edges.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Principal Research Scientist, McAfee Research
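The ACL item above contrasts two ways a directory's default ACL can combine with the creating process's umask: the POSIX.1e draft 17 rule (the umask is applied first and the default ACL only restricts the result further) and the Linux/Solaris rule (a default ACL replaces the umask). The following is an added illustration written for this page, not FreeBSD, Linux or Solaris code: it models both rules on a constructed default ACL so the practical difference is visible. The function and constant names are invented for the example, and the per-entry rules (the mode's user bits bound u::, its group bits bound the mask entry when one exists, otherwise g::, and its other bits bound o::, with named entries inherited unchanged) follow the Linux inheritance behaviour as I understand it.

```python
import stat

# Constructed default ACL for a shared project directory, as an ordered
# list of (tag, perms) pairs; perms are rwx bits.  In setfacl short form:
#   d:u::rwx  d:g::rwx  d:m::rwx  d:o::r-x
# POSIX.1e requires user_obj, group_obj and other; mask is optional.
SHARED_DIR_DEFAULT_ACL = [
    ("user_obj", 0o7),
    ("group_obj", 0o7),
    ("mask", 0o7),
    ("other", 0o5),
]


def _class_bits(mode):
    """Split a 0o777-style mode into (user, group, other) rwx triples."""
    return (mode >> 6) & 0o7, (mode >> 3) & 0o7, mode & 0o7


def create_file_acl(requested_mode, umask, default_acl, posix1e_d17=False):
    """Return (mode, access_acl) for a file created with open(..., requested_mode)
    in a directory whose default ACL is `default_acl` (None if it has none).

    posix1e_d17=False models the Linux/Solaris rule the message wants FreeBSD
    to adopt: a default ACL replaces the umask entirely.
    posix1e_d17=True models the POSIX.1e draft 17 rule described in the
    message: the umask is applied first and the default ACL then only
    restricts the result further, so both masks end up applying.
    """
    mode = requested_mode & 0o777
    if default_acl is None:
        # No default ACL: the classic umask rule applies under both semantics.
        return mode & ~umask, None

    if posix1e_d17:
        mode &= ~umask
    u, g, o = _class_bits(mode)

    has_mask = any(tag == "mask" for tag, _ in default_acl)
    access_acl = []
    for tag, perms in default_acl:
        if tag == "user_obj":
            perms &= u
        elif tag == "other":
            perms &= o
        elif tag == "mask":
            perms &= g  # the mode's group bits land on the mask entry
        elif tag == "group_obj" and not has_mask:
            perms &= g  # without a mask entry, g:: is the group class
        # named user/group entries are inherited unchanged; the mask bounds them
        access_acl.append((tag, perms))

    entries = dict(access_acl)
    group_class = entries["mask"] if has_mask else entries["group_obj"]
    new_mode = (entries["user_obj"] << 6) | (group_class << 3) | entries["other"]
    return new_mode, access_acl


def demo():
    """Worked comparison: a user with a strict 077 umask creates a file in the
    shared directory with the usual 0666 request from open(2)."""
    results = {}
    for name, d17 in (("override_umask", False), ("posix1e_d17", True)):
        mode, _ = create_file_acl(0o666, 0o077, SHARED_DIR_DEFAULT_ACL,
                                  posix1e_d17=d17)
        results[name] = mode
        print(f"{name:15s} {stat.filemode(stat.S_IFREG | mode)}  ({mode:04o})")
    return results


if __name__ == "__main__":
    demo()
```

With the constructed ACL, the override rule yields 0664 (the directory's intent, group read/write, is honoured), while the draft 17 rule yields 0600: the creator's private umask silently defeats the shared directory's default ACL, which is the administrative surprise the ACL item is about.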
