From nobody Fri Oct 10 13:45:03 2025 X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cjnzz4lrdz6C3pW for ; Fri, 10 Oct 2025 13:45:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cjnzz4BwCz3KXC; Fri, 10 Oct 2025 13:45:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760103903; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zMlz/9Mf2zYIXJy+0dw0moZjfi/VamlMW1MnGsNAcM0=; b=t7n5WFx/AJiqmJM03Ic+sjAIHNe4ElSWPigZ5GM1kkju7pYUWYuBchCO0bDgJN8uWynREK XVfdPGCUvcWaViLMgCzoJ9PziMkXWTwvoFSqxmuWSos79DeKSC47GaGpEcmi0zabSkXVuw yS/oU/tqsUEvmFuI4dF6pj1YH8IAXfyzG/XX64rWMhkNN2V82NVvgE+LpFY72z2UgYEMtQ vR3QJ9270EGCAI6qaM9owz/hbtpMkNV96UrrVB8RleQtbj6z1uqc6R/tO0Hu936YdluRHa Y4ptUkjvZWcSS+G+mU/9gQDQsXsz4lUkT5Jt2JeliSQbi3uqPWS78ItdhTfi1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760103903; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zMlz/9Mf2zYIXJy+0dw0moZjfi/VamlMW1MnGsNAcM0=; b=FXSo9B85q5ZXVgIcJwTE5XSxi3Z6qDS7FEd9j8ybUj9Rr0zWQ2I6JkqDnz2aWXjPPUZa+9 E6OFwVznc7wYOhxpSTxS+j/Gf4xCGZnuIKqxuZQuyAS+JU2KKRPuU+5DJ3C/L6eNe8Nqc9 wD9iju+pksCp7PtPUsqSCv1Lz4uirxrbltFm5dlktpT+BtUAwp2dLgxKlkB2kf+XvnEpI/ jjGpfM3V2ukUbjiNcarYHAbVGbYCEgcplG8teVdoaw+CmnKMrVXhIyJWF0Frm7K7GGvI9p qz8jAADGu0CL0xzrWBE+KV2Kx6CScPrHJKlGNEKgXhEoS1tqZYtfSVs/rNZQdw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1760103903; a=rsa-sha256; cv=none; b=bDQie/zWfuxkLchZSOQ8EFUEEtlGGIZJqQCal9yzlVApLb9UGa3xaVJi/AJ53vlaC7fzLn K1TIrD9WTs98qwgY1Gflt+5zIaRu1EJmnQp95oa3i9hjpB8bMcWUNy3dlJ+jTxdW35ipKJ 47xNaPzbXq+zKRcIysCjfVr4a8MaWYffVBletplBzLxB8mEosuz/aQmZdc0P0d3myiA/rp F6ZLeQNvzQGFFTmW/dLVLdmOQoyk0jDfhq6wq69NOu+diEQPHqLEPjhpNAEayvZlNOMQve QjIaWLxcbF/FW9fJHKKt2hUWPQT8E7iOE05+/S1b8uqmoY2st/Y9IbcZSBh7UA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cjnzz3Wxcz14TP; Fri, 10 Oct 2025 13:45:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 59ADj3GY012249; Fri, 10 Oct 2025 13:45:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 59ADj3uI012246; Fri, 10 Oct 2025 13:45:03 GMT (envelope-from git) Date: Fri, 10 Oct 2025 13:45:03 GMT Message-Id: <202510101345.59ADj3uI012246@gitrepo.freebsd.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org From: Lorenzo Salvadore Subject: git: cd2c67fb12 - main - Status/2025Q3/mac_do.adoc: Add report List-Id: Commit messages for all branches of the doc repository List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-doc-all@freebsd.org Sender: owner-dev-commits-doc-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: salvadore X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: cd2c67fb127c629084fc470452f8d6a469c6487b Auto-Submitted: auto-generated The branch main has been updated by salvadore: URL: https://cgit.FreeBSD.org/doc/commit/?id=cd2c67fb127c629084fc470452f8d6a469c6487b commit cd2c67fb127c629084fc470452f8d6a469c6487b Author: Kushagra Srivastava AuthorDate: 2025-09-25 15:11:08 +0000 Commit: Lorenzo Salvadore CommitDate: 2025-10-10 13:06:57 +0000 Status/2025Q3/mac_do.adoc: Add report Pull Request: https://github.com/freebsd/freebsd-doc/pull/552 --- .../en/status/report-2025-07-2025-09/mac_do.adoc | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/website/content/en/status/report-2025-07-2025-09/mac_do.adoc b/website/content/en/status/report-2025-07-2025-09/mac_do.adoc new file mode 100644 index 0000000000..8c29e839b9 --- /dev/null +++ b/website/content/en/status/report-2025-07-2025-09/mac_do.adoc @@ -0,0 +1,22 @@ +=== mac_do(4) and mdo(1) Improvements + +Links: + +link:https://wiki.freebsd.org/SummerOfCode2025Projects/MacDoAndMDoImprovements[Wiki page] URL: link:https://wiki.freebsd.org/SummerOfCode2025Projects/MacDoAndMDoImprovements[] + +Contact: Kushagra Srivastava + +As part of Google Summer of Code 2025, I worked on two related sub-projects in the FreeBSD Project: kernel improvements to man:mac_do[4] and userland enhancements to man:mdo[1]. + +mac_do is a kernel MAC security module that allows controlled credential transitions without requiring setuid binaries. The project extended it in two key ways: + +* **Per-jail configuration of authorized executables** – administrators can now specify a list of executables per-jail, permitted to request credential transitions, instead of being limited to the hardcoded [.filename]#/usr/bin/mdo#. +* **Support for traditional credential-changing syscalls** – transitions requested via man:setuid[2], man:setgid[2], man:setgroups[2], and related functions are now intercepted and authorized through mac_do, in addition to the original man:setcred[2] mechanism. + +On the userland side, the companion tool man:mdo[1] was extended to: + +* Allow explicit UID/GID overrides, fine-grained group management (`-g`, `-G`, `-s` options), and improved credential parsing. +* Provide a `--print-rule` option to display the corresponding mac_do rule for a requested transition. + +Together, these improvements make mac_do and mdo far more flexible and practical, enabling safer privilege transitions without relying on setuid executables and with strong jail integration. + +Sponsor: Google LLC (Google Summer of Code 2025)