TrustedBSD progress

Brian F. Feldman green at FreeBSD.org
Sun Jan 13 15:14:14 GMT 2002


Robert Watson <rwatson at FreeBSD.org> wrote:
> > Any plans for sysctl? 
> (2) Allow MAC policies to define additional protections for nodes.  My
>     temptation is to enforce this at access time, and not attempt to
>     instrument sysctl node creation.  I don't know much about the sysctl
>     implementation, but it seems to me that a reasonable approximated API
>     from the perspective of a MAC policy implementor might be:
> 
> 	int	mac_cred_can_sysctl(name, operation);
> 
>     Attempting to deal with old or new values might get us involved in
>     introducing race conditions, but we'll have to look at some potential
>     applications of MAC in sysctl handling.  Note that some sysctls
>     already do rudimentary polyinstantiation for jail, something that I'm
>     not sure we want to push behind the MAC interface.  The primary role
>     of limiting here might be for MAC models that attempt to augment the
>     UNIX security model while using aspects of the current security model:
>     i.e., models that seek to hide information for users based on uids,
>     etc.  An interesting continuing question will be how much of jail is
>     appropriate to push behind the MAC interface.  Right now, very little,
>     since we can't garbage collect labels in a manner that would allow us
>     to deal with reference-counted prison structures.

In reference to garbage collection, that's actually not quite accurate; we 
can't reference-count-collect quite a few things.  Despite this, though, 
most of these things COULD be garbage-collected by anyone who wanted to write
a garbage collector for any of various types of objects.  By its very 
definition, the kernel has to contain followable reference paths to every
object it can care about.  It would be quite realistic, in my opinion, to 
implement a kernel-level GC for various types of objects now, including as a 
performance win against refcounting at every use.

Back to your regularly-scheduled program...

-- 
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green at FreeBSD.org                    `------------------------------'
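An added example (not code from this thread or from the TrustedBSD/FreeBSD tree) sketching the access-time check that the quoted message proposes for sysctl: a `mac_cred_can_sysctl(cred, name, operation)` hook consulted when a node is accessed, with no instrumentation of node creation. The credential struct `mac_cred`, the rule table, the prefixes, and the choice of errno values (ENOENT to hide a node from a uid, EPERM to refuse a write) are all assumptions made for the illustration; the rules model the "hide information based on uids" and jail-restriction cases the message mentions.

```c
/* Added example of an access-time MAC check for sysctl nodes.
 * Hypothetical: mac_cred, mac_sysctl_rule, the rule table and the
 * error codes are constructed for illustration, not FreeBSD's API. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum sysctl_op { SYSCTL_READ = 1, SYSCTL_WRITE = 2 };

/* Minimal stand-in for the caller's credential (hypothetical). */
struct mac_cred {
    uid_t uid;
    int   jailed;          /* non-zero when the caller runs inside a jail */
};

/* One policy rule keyed on a node-name prefix (constructed sample policy). */
struct mac_sysctl_rule {
    const char *prefix;
    int hide_from_non_root;   /* node is invisible unless uid == 0 */
    int deny_write_in_jail;   /* jailed callers may read but not write */
};

static const struct mac_sysctl_rule rules[] = {
    { "kern.proc.",    1, 0 },   /* hide process information from non-root */
    { "security.mac.", 0, 1 },   /* jails may not retune the policy itself */
    { "net.inet.",     0, 1 },   /* jails may not change network knobs */
};

/* Decide at access time whether cred may perform op on the named node.
 * Returns 0 on success or an errno value.  Only the name and operation are
 * examined, never the old or new value buffers, so the check copies no user
 * data and introduces no value-dependent race. */
int mac_cred_can_sysctl(const struct mac_cred *cred, const char *name,
                        enum sysctl_op op)
{
    size_t i;

    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
        const struct mac_sysctl_rule *r = &rules[i];

        if (strncmp(name, r->prefix, strlen(r->prefix)) != 0)
            continue;
        if (r->hide_from_non_root && cred->uid != 0)
            return ENOENT;    /* behave as if the node does not exist */
        if (r->deny_write_in_jail && cred->jailed && op == SYSCTL_WRITE)
            return EPERM;
    }
    /* Default: anyone may read, only uid 0 may write (constructed rule). */
    if (op == SYSCTL_WRITE && cred->uid != 0)
        return EPERM;
    return 0;
}

/* Convenience wrapper so a caller can probe the policy with scalar inputs. */
int check(uid_t uid, int jailed, const char *name, enum sysctl_op op)
{
    struct mac_cred cred;

    cred.uid = uid;
    cred.jailed = jailed;
    return mac_cred_can_sysctl(&cred, name, op);
}

int main(void)
{
    printf("root   read  kern.proc.pid        -> %d\n",
           check(0, 0, "kern.proc.pid", SYSCTL_READ));
    printf("uid1000 read kern.proc.pid        -> %d (ENOENT=%d)\n",
           check(1000, 0, "kern.proc.pid", SYSCTL_READ), ENOENT);
    printf("jailed root write security.mac.x  -> %d (EPERM=%d)\n",
           check(0, 1, "security.mac.x", SYSCTL_WRITE), EPERM);
    printf("jailed root read  security.mac.x  -> %d\n",
           check(0, 1, "security.mac.x", SYSCTL_READ));
    printf("uid1000 write kern.hostname       -> %d (EPERM=%d)\n",
           check(1000, 0, "kern.hostname", SYSCTL_WRITE), EPERM);
    return 0;
}
```

The point of restricting the hook's inputs to the node name and the operation is the one the message raises: as soon as a policy inspects the old or new value buffers it has to copy them in, and the value a policy approved may not be the value the handler later sees. Deciding on name and operation alone keeps the check free of that window, at the cost of coarser decisions.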