Date: Sat, 3 Jan 2004 00:50:24 +0100
From: Jaroslaw Nozderko <jarek@eko.net.pl>
To: freebsd-security@freebsd.org
Subject: Questions about MAC
Message-ID: <200401030050.24139.jarek@eko.net.pl>
FreeBSD 5.1-RELEASE

Hi,

I'm examining Biba and MLS MAC policies and something is not clear to me.
Unless I'm doing something wrong, it seems policies are enforced only for
reading, but not writing.

1) Biba

I've created a test file with biba/127 label:

$ echo "Message" > file_biba_127.txt
$ setfmac biba/127 file_biba_127.txt
$ getfmac file_biba_127.txt
file_biba_127.txt: biba/127,mls/low

Trying to read with different labels:

$ setpmac biba/high more file_biba_127.txt
file_biba_127.txt: Permission denied
$ setpmac biba/128 more file_biba_127.txt
file_biba_127.txt: Permission denied
$ setpmac biba/127 more file_biba_127.txt
Message
$ setpmac biba/126 more file_biba_127.txt
Message
$ setpmac biba/low more file_biba_127.txt
Message

It looks OK.

- Writing:

$ setpmac biba/high echo "High" >> file_biba_127.txt
$ setpmac biba/128 echo "128" >> file_biba_127.txt
$ setpmac biba/127 echo "127" >> file_biba_127.txt
-- Should the following 2 commands succeed?
$ setpmac biba/126 echo "126" >> file_biba_127.txt
$ setpmac biba/low echo "low" >> file_biba_127.txt
$ setpmac biba/low more file_biba_127.txt
Message
High
128
127
126
low

All writes succeeded - even writing by a process with biba/126 and biba/low
to a file with biba/127. Is it correct? According to mac_biba(4):

"A subject at a lower integrity level than an object may read the object,
but not write to the object"

2) MLS

As for Biba, I've created a file with mls/127:

$ echo "Message" > file_mls_127.txt
$ setfmac mls/127 file_mls_127.txt
$ getfmac file_mls_127.txt
file_mls_127.txt: biba/high,mls/127

- reading:

$ setpmac mls/high more file_mls_127.txt
Message
$ setpmac mls/128 more file_mls_127.txt
Message
$ setpmac mls/127 more file_mls_127.txt
Message
$ setpmac mls/126 more file_mls_127.txt
file_mls_127.txt: Permission denied
$ setpmac mls/low more file_mls_127.txt
file_mls_127.txt: Permission denied

It looks OK.

- writing:

-- Should the following 2 commands succeed?
$ setpmac mls/high echo "High" >> file_mls_127.txt
$ setpmac mls/128 echo "128" >> file_mls_127.txt
$ setpmac mls/127 echo "127" >> file_mls_127.txt
$ setpmac mls/126 echo "126" >> file_mls_127.txt
$ setpmac mls/low echo "Low" >> file_mls_127.txt
$ setpmac mls/high more file_mls_127.txt
Message
High
128
127
126
Low

All writes above succeeded. Should the policy allow a command run as
mls/high and mls/128 to write to a file with mls/127? Does it conform to
the *-property (no write down)? mac_mls(4) says:

"Subjects may not write to objects with a lower classification level than
its own clearance level"

Am I making some obvious mistake?

Thanks in advance for any help.

Regards,
Jarek
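As an added example (not from the post, and not FreeBSD's own code): a small Python model of the Biba and MLS grade checks behind the read tables above, and of whose label an append redirection is actually checked against. It assumes the policy check is made at open(2) with the credentials of the process that opens the file, which for `>> file` is the shell (running at the default biba/high,mls/low label the getfmac output implies), not the echo that setpmac relabels; compartments are left out.

```python
# Grade ordering used by the FreeBSD MAC label syntax: low < 0..65535 < high.
GRADE_HIGH = 1 << 16

def grade(label: str) -> int:
    """Map 'biba/127', 'mls/low' or 'mls/high' to a comparable integer."""
    g = label.split("/", 1)[1]
    return -1 if g == "low" else GRADE_HIGH if g == "high" else int(g)

def biba_allows(subject: str, obj: str, op: str) -> bool:
    # Integrity: a subject may read objects of equal or higher integrity
    # (no read down) and write objects of equal or lower integrity
    # (no write up).
    s, o = grade(subject), grade(obj)
    return s <= o if op == "read" else s >= o

def mls_allows(subject: str, obj: str, op: str) -> bool:
    # Confidentiality: no read up (simple security), no write down
    # (*-property).
    s, o = grade(subject), grade(obj)
    return s >= o if op == "read" else s <= o

POLICIES = {"biba": biba_allows, "mls": mls_allows}

def direct_write(proc_label: str, file_label: str) -> bool:
    """A process that opens the file for writing under its own label.
    This is the case the post's expectations are based on."""
    policy = proc_label.split("/", 1)[0]
    return POLICIES[policy](proc_label, file_label, "write")

def shell_redirect_write(shell_label: str, setpmac_label: str,
                         file_label: str) -> bool:
    """`setpmac <setpmac_label> echo ... >> file` typed into a shell at
    shell_label. Assumption: the shell performs the open(2) for the
    redirection before setpmac relabels the child, so only shell_label
    is consulted and setpmac_label never reaches the check."""
    policy = setpmac_label.split("/", 1)[0]
    return POLICIES[policy](shell_label, file_label, "write")

if __name__ == "__main__":
    for proc in ("biba/high", "biba/128", "biba/127", "biba/126", "biba/low"):
        print(proc, "read biba/127:", biba_allows(proc, "biba/127", "read"),
              "direct write:", direct_write(proc, "biba/127"),
              ">> from biba/high shell:",
              shell_redirect_write("biba/high", proc, "biba/127"))
    for proc in ("mls/high", "mls/128", "mls/127", "mls/126", "mls/low"):
        print(proc, "read mls/127:", mls_allows(proc, "mls/127", "read"),
              "direct write:", direct_write(proc, "mls/127"),
              ">> from mls/low shell:",
              shell_redirect_write("mls/low", proc, "mls/127"))
```

The direct_write column reproduces what mac_biba(4) and mac_mls(4) promise; the shell-redirect column reproduces the "all writes succeeded" result in the post.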