TrustedBSD progress

Robert Watson rwatson at FreeBSD.org
Mon Jan 14 14:10:58 GMT 2002


On Fri, 11 Jan 2002, Robert Watson wrote:

>   o MAC integration for devfs so as to label devices properly as they
>     appear in devfs.  Initial hack done, but not yet tested. 

Just finished this last night.  It's now possible for a MAC policy to
define the label for each device or directory as each devfs instance is
populated.  Currently, the mountpoint for the instance isn't passed into
the MAC call, so the MAC code can't differentiate between instances, but
this seems to support most of what we need for now.  For the time being,
I'm initializing labels as follows for all devices:

	biba/high,mls/low,te/device_t

And as follows for directories:

	biba/high,mls/low,te/fs_t

As our notion of default policy becomes more developed, we'll probably
want to change at least MLS, and probably TE.  The user boot process will
get the opportunity to change the labels before the system goes
multi-user, but ideally if a device is used for storage and is marked as
'secret', that happens before any less trusted components of the system
(non-TCB) get started.  An interesting question to consider is how the
label of, say, a disk device, would reflect the labeling of data stored on
the device.  If ad0s1e contains MLS/high files, ideally (either
automatically, or more likely, manually) the device would get the same
marking to prevent leakage.  I don't know how existing trusted systems
handle this, so insight would be appreciated.

As we move closer to correctly handling labeling of devices and ttys,
we'll need to fix openpty() and other tty-munging code to DTRT with
regard to labels.  Currently, because we're not mediating read/write, it
doesn't hurt too much.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services
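
The device-versus-data labeling question raised in the message, worked through as an added example (not part of the original post and not TrustedBSD code). It assumes a two-level MLS ordering (low < high) and the usual MLS rule that a subject may read only objects whose level it dominates; the function names, the subject label and the data label are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: two MLS levels only, ordered low < high. */
enum { LVL_UNKNOWN = -1, LVL_LOW = 0, LVL_HIGH = 1 };

/* Copy the element for `policy` out of a comma-separated label such as
 * "biba/high,mls/low,te/device_t". Returns 0 on success, -1 if absent. */
static int label_element(const char *label, const char *policy,
                         char *out, size_t outlen) {
    size_t plen = strlen(policy);
    for (const char *p = label; p != NULL && *p != '\0'; ) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > plen && strncmp(p, policy, plen) == 0 && p[plen] == '/') {
            size_t vlen = len - plen - 1;
            if (vlen >= outlen) return -1;
            memcpy(out, p + plen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

static int mls_level(const char *label) {
    char v[32];
    if (label_element(label, "mls", v, sizeof v) != 0) return LVL_UNKNOWN;
    if (strcmp(v, "low") == 0) return LVL_LOW;
    return strcmp(v, "high") == 0 ? LVL_HIGH : LVL_UNKNOWN;
}

/* MLS read rule: subject level must dominate object level; fail closed. */
static int mls_can_read(const char *subj, const char *obj) {
    int s = mls_level(subj), o = mls_level(obj);
    return s != LVL_UNKNOWN && o != LVL_UNKNOWN && s >= o;
}

/* 1 if the device label admits a subject the data's own label would refuse. */
static int device_leaks(const char *subj, const char *dev, const char *data) {
    return mls_can_read(subj, dev) && !mls_can_read(subj, data);
}

int main(void) {
    /* Device label is the default from the message; the rest is constructed. */
    printf("%d\n", device_leaks("mls/low", "biba/high,mls/low,te/device_t", "mls/high"));
    return 0;
}
```

With the default mls/low device label, a low subject passes the device check even though the data on it is high; relabeling the device to the level of its contents closes that path.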


