TrustedBSD progress
Robert Watson
rwatson at FreeBSD.org
Sat Jan 12 14:24:27 GMT 2002
On Fri, 11 Jan 2002, Andrew R. Reiter wrote:
> On Fri, 11 Jan 2002, Robert Watson wrote:
> :TrustedBSD MAC
> : TODO:
>
> Any plans for sysctl?
Not currently, although there are probably at least two issues to address:

(1) How to integrate sysctl into the capability model: probably means
allowing each sysctl node to specify the capability (or mask) required
to modify the entry. Alternatively, fall back on some generic
capability for all of them, but I'm not sure that's satisfactory; it
is implemented as CAP_SYS_ADMIN.

(2) Allow MAC policies to define additional protections for nodes. My
temptation is to enforce this at access time, and not attempt to
instrument sysctl node creation. I don't know much about the sysctl
implementation, but it seems to me that a reasonable approximate API
from the perspective of a MAC policy implementor might be:

    int mac_cred_can_sysctl(name, operation);

Attempting to deal with old or new values might get us involved in
introducing race conditions, but we'll have to look at some potential
applications of MAC in sysctl handling. Note that some sysctls
already do rudimentary polyinstantiation for jail, something that I'm
not sure we want to push behind the MAC interface. The primary role
of limiting here might be for MAC models that attempt to augment the
UNIX security model while using aspects of the current security model:
i.e., models that seek to hide information from users based on uids,
etc. An interesting continuing question will be how much of jail is
appropriate to push behind the MAC interface. Right now, very little,
since we can't garbage collect labels in a manner that would allow us
to deal with reference-counted prison structures.
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org NAI Labs, Safeport Network Services
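To make the two issues in the message concrete, here is an added, self-contained C model of the access-time check it sketches. It is not TrustedBSD or FreeBSD code and does not use the real MAC framework's hook names or data structures: the capability bits, the `struct ucred` and `struct sysctl_node` layouts, the per-node `write_caps` mask, the two toy policies and the `check_sysctl` wrapper are all constructed for illustration (the sysctl names are real FreeBSD ones, the masks attached to them are invented). It shows a node table carrying the capability mask required to modify each entry (issue 1), a policy hook in the shape of `mac_cred_can_sysctl(name, operation)` consulted at access time rather than at node creation (issue 2), a jail-style policy that only lets jailed subjects write polyinstantiated nodes, and a uid-based information-hiding policy of the kind the message mentions, including why such a policy must run before the others.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical capability bits for this model only (not FreeBSD's or POSIX.1e's). */
#define CAP_SYS_ADMIN   0x1u
#define CAP_NET_ADMIN   0x2u
#define CAP_KERN_DEBUG  0x4u
#define CAP_ALL         (CAP_SYS_ADMIN | CAP_NET_ADMIN | CAP_KERN_DEBUG)

enum sysctl_op { SYSCTL_READ = 1, SYSCTL_WRITE = 2 };

/* Minimal stand-in for a subject credential (constructed, not FreeBSD's struct). */
struct ucred {
    uint32_t uid;
    uint32_t caps;      /* capability set held by the subject */
    int      jailed;    /* nonzero when the subject runs inside a jail */
};

/* Each node records the capability mask needed to modify it; holding any
 * bit in the mask suffices for a write, and reads need none (issue (1)). */
struct sysctl_node {
    const char *name;
    uint32_t    write_caps;
};

/* Constructed node table: real sysctl names, illustrative masks. */
static const struct sysctl_node sysctl_nodes[] = {
    { "kern.hostname",          CAP_SYS_ADMIN },
    { "net.inet.ip.forwarding", CAP_NET_ADMIN | CAP_SYS_ADMIN },
    { "debug.kdb.enter",        CAP_KERN_DEBUG },
};

/* A policy's access-time hook: 0 permits, an errno value denies. */
typedef int (*mac_sysctl_check_t)(const struct ucred *,
    const struct sysctl_node *, enum sysctl_op);

/* Policy A: hide the debug.* subtree from non-root uids. Returning ENOENT
 * keeps a hidden node indistinguishable from one that does not exist. */
static int
policy_hide_debug(const struct ucred *cred, const struct sysctl_node *node,
    enum sysctl_op op)
{
    (void)op;
    if (cred->uid != 0 && strncmp(node->name, "debug.", 6) == 0)
        return ENOENT;
    return 0;
}

/* Policy B: jailed subjects may read visible nodes but may only write the
 * ones that are polyinstantiated per jail (here just kern.hostname). */
static int
policy_jail(const struct ucred *cred, const struct sysctl_node *node,
    enum sysctl_op op)
{
    if (!cred->jailed || op == SYSCTL_READ)
        return 0;
    return strcmp(node->name, "kern.hostname") == 0 ? 0 : EACCES;
}

/* Order matters: the hiding policy runs first so that a later EACCES/EPERM
 * cannot confirm that a hidden node exists. */
static const mac_sysctl_check_t mac_policies[] = { policy_hide_debug, policy_jail };

static const struct sysctl_node *
sysctl_lookup(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof(sysctl_nodes) / sizeof(sysctl_nodes[0]); i++)
        if (strcmp(sysctl_nodes[i].name, name) == 0)
            return &sysctl_nodes[i];
    return NULL;
}

/* Access-time check in the shape the message sketches: resolve the node by
 * name, consult every loaded policy (first denial wins), then enforce the
 * node's own capability mask for writes. */
int
mac_cred_can_sysctl(const struct ucred *cred, const char *name, enum sysctl_op op)
{
    const struct sysctl_node *node = sysctl_lookup(name);
    size_t i;

    if (node == NULL)
        return ENOENT;
    for (i = 0; i < sizeof(mac_policies) / sizeof(mac_policies[0]); i++) {
        int error = mac_policies[i](cred, node, op);
        if (error != 0)
            return error;
    }
    if (op == SYSCTL_WRITE && (cred->caps & node->write_caps) == 0)
        return EPERM;
    return 0;
}

/* Convenience wrapper (constructed) that builds the credential inline. */
int
check_sysctl(uint32_t uid, uint32_t caps, int jailed, const char *name,
    enum sysctl_op op)
{
    struct ucred cred = { uid, caps, jailed };
    return mac_cred_can_sysctl(&cred, name, op);
}

int
main(void)
{
    printf("uid 1001 write kern.hostname -> %d (EPERM is %d)\n",
        check_sysctl(1001, 0, 0, "kern.hostname", SYSCTL_WRITE), EPERM);
    printf("uid 1001 read debug.kdb.enter -> %d (ENOENT is %d)\n",
        check_sysctl(1001, 0, 0, "debug.kdb.enter", SYSCTL_READ), ENOENT);
    printf("jailed root write net.inet.ip.forwarding -> %d (EACCES is %d)\n",
        check_sysctl(0, CAP_ALL, 1, "net.inet.ip.forwarding", SYSCTL_WRITE), EACCES);
    return 0;
}
```

Because the check only ever sees a credential, a resolved node and an operation, it never touches the old or new values of the sysctl, which is how the model sidesteps the value-handling races the message worries about; a policy that wanted to inspect values would need a second, later hook.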