Questions about MAC
Jaroslaw Nozderko
jarek at eko.net.pl
Fri Jan 2 15:52:30 PST 2004
FreeBSD 5.1-RELEASE
Hi,
I'm examining the Biba and MLS MAC policies and something is
not clear to me. Unless I'm doing something wrong,
it seems the policies are enforced only for reading, but
not for writing.
1) Biba
I've created a test file with a biba/127 label:
$ echo "Message" > file_biba_127.txt
$ setfmac biba/127 file_biba_127.txt
$ getfmac file_biba_127.txt
file_biba_127.txt: biba/127,mls/low
Trying to read with different labels:
$ setpmac biba/high more file_biba_127.txt
file_biba_127.txt: Permission denied
$ setpmac biba/128 more file_biba_127.txt
file_biba_127.txt: Permission denied
$ setpmac biba/127 more file_biba_127.txt
Message
$ setpmac biba/126 more file_biba_127.txt
Message
$ setpmac biba/low more file_biba_127.txt
Message
It looks OK.
- Writing:
$ setpmac biba/high echo "High" >> file_biba_127.txt
$ setpmac biba/128 echo "128" >> file_biba_127.txt
$ setpmac biba/127 echo "127" >> file_biba_127.txt
-- Should the following 2 commands succeed?
$ setpmac biba/126 echo "126" >> file_biba_127.txt
$ setpmac biba/low echo "low" >> file_biba_127.txt
$ setpmac biba/low more file_biba_127.txt
Message
High
128
127
126
low
All writes succeeded, even writing by a process with
biba/126 or biba/low to a file with biba/127. Is that correct?
According to mac_biba(4):
"A subject at a lower integrity level than an object may read the
object, but not write to the object"
2) MLS
As for Biba, I've created a file with mls/127:
$ echo "Message" > file_mls_127.txt
$ setfmac mls/127 file_mls_127.txt
$ getfmac file_mls_127.txt
file_mls_127.txt: biba/high,mls/127
- reading:
$ setpmac mls/high more file_mls_127.txt
Message
$ setpmac mls/128 more file_mls_127.txt
Message
$ setpmac mls/127 more file_mls_127.txt
Message
$ setpmac mls/126 more file_mls_127.txt
file_mls_127.txt: Permission denied
$ setpmac mls/low more file_mls_127.txt
file_mls_127.txt: Permission denied
It looks OK.
- writing:
-- Should the following 2 commands succeed?
$ setpmac mls/high echo "High" >> file_mls_127.txt
$ setpmac mls/128 echo "128" >> file_mls_127.txt
$ setpmac mls/127 echo "127" >> file_mls_127.txt
$ setpmac mls/126 echo "126" >> file_mls_127.txt
$ setpmac mls/low echo "Low" >> file_mls_127.txt
$ setpmac mls/high more file_mls_127.txt
Message
High
128
127
126
Low
All writes above succeeded. Should the policy allow a command
run as mls/high or mls/128 to write to a file with mls/127?
Does that conform to the *-property (no write down)?
mac_mls(4) says:
"Subjects may not write to objects with a lower classification level
than its own clearance level"
Am I making some obvious mistake?
Thanks in advance for any help.
Regards,
Jarek
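Added illustration, not part of the original post and not FreeBSD code: a small Python model of the dominance rules quoted above from mac_biba(4) and mac_mls(4) (Biba: no read down, no write up; MLS: no read up, no write down). It replays the post's test matrix (subject grades high, 128, 127, 126, low against an object at grade 127) and lists the operations that succeeded in the transcripts but that the quoted rules say should be denied. Assumptions: a label is a single grade 0..65535 plus the special values low and high; compartments and the equal label are not modelled; the OBSERVED table is transcribed from the post's output. One check worth making when reproducing the test: in `setpmac label cmd >> file` the `>>` redirection is performed by the interactive shell before setpmac starts, so the file is opened under the shell's own label rather than the requested one; wrapping the whole command, for example `setpmac biba/126 sh -c 'echo 126 >> file'`, makes the open happen under the relabelled process.

```python
"""Toy model of the mac_biba(4) / mac_mls(4) dominance rules.

Added illustration; it is not FreeBSD code and does not talk to the
MAC framework.  Simplifications (assumptions): a label is one grade in
0..65535 plus the special values "low" and "high"; compartments and the
"equal" label are not modelled.
"""
from dataclasses import dataclass

LOW, HIGH = -1, 65536   # sentinels ordered below/above every numeric grade


@dataclass(frozen=True)
class Label:
    policy: str   # "biba" or "mls"
    rank: int


def parse_label(text: str) -> Label:
    """Parse "biba/127", "mls/low" or "biba/high" into a Label."""
    policy, _, grade = text.partition("/")
    if policy not in ("biba", "mls"):
        raise ValueError(f"unknown policy: {policy!r}")
    if grade == "low":
        rank = LOW
    elif grade == "high":
        rank = HIGH
    else:
        rank = int(grade)
        if not 0 <= rank <= 65535:
            raise ValueError(f"grade out of range: {grade}")
    return Label(policy, rank)


def dominates(a: Label, b: Label) -> bool:
    """a dominates b when its grade is greater than or equal to b's."""
    if a.policy != b.policy:
        raise ValueError("cannot compare labels of different policies")
    return a.rank >= b.rank


def may_read(subject: Label, obj: Label) -> bool:
    """Biba: no read down (object must dominate subject).
    MLS:  no read up (subject must dominate object)."""
    if subject.policy == "biba":
        return dominates(obj, subject)
    return dominates(subject, obj)


def may_write(subject: Label, obj: Label) -> bool:
    """Biba: no write up (subject must dominate object).
    MLS:  no write down (object must dominate subject)."""
    if subject.policy == "biba":
        return dominates(subject, obj)
    return dominates(obj, subject)


GRADES = ["high", "128", "127", "126", "low"]


def decision_matrix(policy: str, obj_grade: str = "127") -> dict:
    """Expected allow/deny for each subject grade in the post's matrix."""
    obj = parse_label(f"{policy}/{obj_grade}")
    out = {}
    for g in GRADES:
        subj = parse_label(f"{policy}/{g}")
        out[g] = {"read": may_read(subj, obj), "write": may_write(subj, obj)}
    return out


# Observed outcomes transcribed from the post (True = command succeeded).
OBSERVED = {
    "biba": {"read":  {"high": False, "128": False, "127": True, "126": True, "low": True},
             "write": {g: True for g in GRADES}},
    "mls":  {"read":  {"high": True, "128": True, "127": True, "126": False, "low": False},
             "write": {g: True for g in GRADES}},
}


def unexpected_successes(policy: str) -> list:
    """Operations that succeeded in the post but the quoted rules deny."""
    expected = decision_matrix(policy)
    return [(op, g) for op in ("read", "write") for g in GRADES
            if OBSERVED[policy][op][g] and not expected[g][op]]


if __name__ == "__main__":
    for p in ("biba", "mls"):
        print(p, unexpected_successes(p))
```

Running the block lists, for Biba, the writes from 126 and low, and for MLS the writes from high and 128: exactly the two pairs of commands the post flags with "Should the following 2 commands succeed?". Every read in the transcripts agrees with the model, which is consistent with the reads being performed by the relabelled `more` process while the appends are performed by the unrelabelled shell.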