TrustedBSD progress

[Andrew R. Reiter]

On Fri, 11 Jan 2002, Robert Watson wrote:
:TrustedBSD MAC
:  TODO:

Any plans for sysctl?

:
:TrustedBSD CAP
:
:  o Over the past month, substantial progress has been made towards
:    creating a working system that does not provide the root user with
:    superuser privilege.  Useful labels have been determined for a number
:    of userland applications, which have been modified not to assume the
:    presence of root privilege. 
:
:  TODO:
:
:  o More applications, additional work to merge to the mainstream FreeBSD
:    tree.
:
:  o Figure out what to do about /etc/capabilities.
:
:  o Documentation, including tutorials.
:
:  o More philosophical discussion of integration of suser and cap
:    privilege models into the same system.
:
:TrustedBSD Audit
:
:  o Still in the design phase.
:
:  TODO:
:
:  o Much.  Andrew?
:
:TrustedBSD ACL
:
:  This work is largely integrated into the base tree.  Currently, we're
:  not investing much in the way of resources for this, but there has been
:  progress made in porting to Darwin and OpenBSD.  There are some TODO's:
:
:  TODO:
:
:  o Fix bugs in extended attribute 'remount' case, which can cause
:    problems with filesystem remount when autostart is enabled.
:
:  o Commit Chris Faulhaber's patches for additional userland integration,
:    including mv, cp, ls, and others.  Also, look at committing Thomas
:    Moestl's work on EA and ACL backup for tar.
:
:Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
:robert at fledge.watson.org      NAI Labs, Safeport Network Services
:
:
:To Unsubscribe: send mail to majordomo at trustedbsd.org
:with "unsubscribe trustedbsd-discuss" in the body of the message
:

--
Andrew R. Reiter
arr at watson.org
arr at FreeBSD.org


To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message