From: Albin Lidén
Date: Tue, 26 Feb 2019 16:59:16 +0100
Subject: ILLUSION part 2
To: freebsd-questions@freebsd.org

Howdy

Please do forward this to the right team.

Here are some more ideas about ILLUSION.
A little more specifics for The Matrix security suite.

Please check the first document/email before reading this (part 2).
Some abstracts may be on a collision course with the first document.
Simply see this as a further explanation or clarification, not the ultimate truth.

This is still, more or less, a concept/idea.
This means everything about this can be exchanged for something else,
especially if another functionality is better/wiser.

Also, keep in mind that this is a concept, NOT a technical implementation
(programming-language code) of any sort.
Those details are left for the developers.
And the interface of The Matrix is something for the GUI designers
of apache/localhost access for customizing The Matrix.

----------->>The Matrix<<---------------

These are variables to an illusion system

Access levels:

Smith
  Root of Illusion, full control to everything, but cannot uninstall the matrix
Agent
  with different degree, allowed full control of Illusion

Examples of security principles being applied with illcontrol utility

* Install sub illusion
* Install backdoor
* Install jail with warden
* Install programs systemwide
* Install SELinux
* Install PAM
* Install ACL
* Put illusion into reset-mode
  Reset-mode will make a user's file and setting reset
  Admin may execute an instant reset or it can be scheduled
  Meaning everything is really read-only,
  But there seems to be write-access,
  That is only an illusion, however
* Run symlinks from custom list
* Install firewall
* Install into Home/ using public libraries
* Security setting of ONLY allowing appimages to be executed
* Grant mounting options to various users and drives
* Grant access to give other access to various
* Give access to hardware
* Give access/denial to change password for self/others
* Give access/denial to root-bins located in /usr/sbin
* Give custom chmod access to any other folder
* Give shell access
* Give command from pseudo-console (not shell):
  only execution of appimages or certain installed programs
* Give read/write access to HOME
* Give access to compile within home
* Give access or denial to share a folder in /TMP with others
* White/Black-list programs from running and modify files

Agent adjusts the ILLUSION with the commandline program illcontrol

USERS/Groups of users:

* Neo
  May access custom control of illusion
  Accessible with HTTP to localhost
  Need webdesign and programming
* Someone
  Can see ILLUSION is running
  May have info about what's possible or not during this state
  Access depending on configuration
  User is in a jail and so on, but is not a hoax system
* User/Group: Nobody
  Put in a mode where ILLUSION is active
  Everything there is to a system will be shown in any manner adm likes
  A "spooky" environment, but user has no clue
  Admins can see user's activities, log his actions
  Admins can put in fake binaries like showing another uname -a, uptime etc
  Implemented possibility of giving user Nobody a root account
  A Nobody may be granted a fake-root password with sudo
  But will not be able to escape an actual jail or understand it is a jail at all,
  seeing other files, other users and so on, but everything is an illusion.
  This jail will actually be in total domination of the admins/crew of the ILLUSION
  System may be altered in any spooky way adm likes
  But should always look like a real system itself
  This fake mechanism will be based upon ILLUSION's settings and configuration
  Having a function for the admins to on-the-fly hoax with the user
  Applying extra customizations for the Nobody user restrictions
  from the list above with all the examples of security locks.

[MORE SECURITY SPECIFICS MAY BE INCLUDED, THESE ARE ONLY A PROPOSITION, NOT DEFINITE].
[PLEASE SEEK AN EXPERT IN UNIX/LINUX SECURITY FOR MORE POSSIBLE SECURITY IMPLEMENTATION FOR The Matrix]

Thanks for listening, bye!