Securing Mach IPC

Todd Miller Todd.Miller at sparta.com
Tue Mar 7 20:41:25 UTC 2006


On Mar 6, 2006, at 2:10 PM, Alex Barclay wrote:

> Understand that Sparta is working on securing mach IPC. But with the
> volume of messages passed, are there plans to log/audit each mach IPC
> message? I haven't been able to find out what if anything DTOS did in
> that regard.

Currently only the SEDarwin module secures Mach IPC.  We do a security
check for each message based on the sender and the destination port
(the messages themselves are not labeled).  We mediate send and receive
as well as port right transfers.  We haven't measured the performance hit
yet but it doesn't seem too bad.  The avc cache in Flask seems to work
fairly well at reducing the access decision overhead.  I develop (well,
compile anyway) on a system with the SEDarwin module enabled and
I don't really notice it...

Now, if you tried to log all mach messages you would certainly take
an additional performance hit.  By default we only log denials.

   - todd
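
The following is an added example, not part of the original message and not SEDarwin code: a simplified C model of the pattern the reply describes, where each message is checked on the sender's label against the destination port's label, an access vector cache absorbs repeat decisions, and only denials are logged. The SIDs, permission bits, policy rule and function names are constructed, and the cache is keyed on the two labels only (the Flask AVC also keys on object class).

```c
/* Simplified model of a Flask-style access vector cache (AVC) in front of a
 * per-message Mach IPC check. SIDs, permission bits and the policy rule are
 * constructed for illustration. */
#include <stdint.h>
#include <stdio.h>

enum { PERM_SEND = 1, PERM_RECV = 2, PERM_XFER_RIGHT = 4 }; /* hypothetical bits */
#define AVC_SLOTS 64

struct avc_entry { uint32_t ssid, tsid, allowed; int valid; };
static struct avc_entry avc[AVC_SLOTS];
static unsigned policy_lookups, denials_logged;

/* Slow path: stand-in for the security server computing a full decision. */
static uint32_t policy_compute(uint32_t ssid, uint32_t tsid)
{
    policy_lookups++;
    if (ssid == tsid) return PERM_SEND | PERM_RECV | PERM_XFER_RIGHT;
    if (ssid == 1 && tsid == 2) return PERM_SEND;   /* constructed rule */
    return 0;                                       /* default deny */
}

/* Fast path: sender label (ssid) checked against destination port label (tsid). */
int ipc_check(uint32_t ssid, uint32_t tsid, uint32_t requested)
{
    struct avc_entry *e = &avc[(ssid * 31u + tsid) % AVC_SLOTS];
    if (!e->valid || e->ssid != ssid || e->tsid != tsid) {  /* miss or collision */
        e->ssid = ssid; e->tsid = tsid;
        e->allowed = policy_compute(ssid, tsid);
        e->valid = 1;
    }
    if ((e->allowed & requested) == requested)
        return 0;                       /* granted: nothing is logged */
    denials_logged++;                   /* only denials produce an audit record */
    fprintf(stderr, "avc: denied ssid=%u tsid=%u perms=0x%x\n",
            (unsigned)ssid, (unsigned)tsid, (unsigned)(requested & ~e->allowed));
    return -1;
}

unsigned avc_policy_lookups(void) { return policy_lookups; }
unsigned avc_denials_logged(void) { return denials_logged; }

int main(void)
{
    for (int i = 0; i < 1000; i++) ipc_check(1, 2, PERM_SEND); /* one policy lookup */
    ipc_check(1, 2, PERM_XFER_RIGHT);                          /* denied and logged */
    printf("lookups=%u denials=%u\n", policy_lookups, denials_logged);
    return 0;
}
```

In this model a thousand sends between the same pair of labels cost one policy computation, and the audit path runs only for the denied port right transfer.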


More information about the trustedbsd-discuss mailing list