From: Todd Miller
Date: Tue, 7 Mar 2006 15:41:21 -0500
To: Alex Barclay
Cc: trustedbsd-discuss@FreeBSD.org
Subject: Re: Securing Mach IPC

On Mar 6, 2006, at 2:10 PM, Alex Barclay wrote:

> Understand that Sparta is working on securing mach IPC. But with the
> volume of messages passed, are there plans to log/audit each mach IPC
> message? I haven't been able to find out what if anything DTOS did in
> that regard.

Currently only the SEDarwin module secures Mach IPC. We do a security check for each message based on the sender and the destination port (the messages themselves are not labeled). We mediate send and receive as well as port right transfers.

We haven't measured the performance hit yet but it doesn't seem too bad. The avc cache in Flask seems to work fairly well at reducing the access decision overhead. I develop (well, compile anyway) on a system with the SEDarwin module enabled and I don't really notice it...

Now, if you tried to log all mach messages you would certainly take an additional performance hit. By default we only log denials.

 - todd
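
The per-message check and decision caching described in the reply above, as a simplified model added here (not SEDarwin or Flask code): the decision depends only on the labels of the sender and the destination port, so one policy computation serves every later message between the same pair, and only denials produce a log line. The labels, permission bits, cache layout and policy rule are all constructed for the example.

```c
/* Simplified access vector cache (AVC) model; NOT SEDarwin or Flask code. */
#include <stdio.h>

enum { PERM_SEND = 1, PERM_RECV = 2 };                        /* constructed */
enum { SID_APP = 1, SID_UNTRUSTED = 2, SID_SERVER_PORT = 3 }; /* constructed labels */
#define AVC_SLOTS 16

struct avc_entry { int valid, ssid, tsid; unsigned allowed; };
static struct avc_entry avc[AVC_SLOTS];
static unsigned policy_lookups, denials_logged;

/* Slow path: stand-in for a full policy computation (constructed rule). */
static unsigned policy_compute(int ssid, int tsid) {
    policy_lookups++;
    if (ssid == SID_APP && tsid == SID_SERVER_PORT)
        return PERM_SEND | PERM_RECV;
    return 0;                                   /* default deny */
}

/* Check `perm` for a sender labelled ssid on a port labelled tsid.
 * Messages carry no label, so the cached decision is reused for every message. */
static int ipc_check(int ssid, int tsid, unsigned perm) {
    struct avc_entry *e = &avc[(unsigned)(ssid * 31 + tsid) % AVC_SLOTS];
    if (!e->valid || e->ssid != ssid || e->tsid != tsid) {  /* miss: refill slot */
        e->valid = 1; e->ssid = ssid; e->tsid = tsid;
        e->allowed = policy_compute(ssid, tsid);
    }
    if ((e->allowed & perm) == perm)
        return 0;                               /* granted: nothing is logged */
    denials_logged++;                           /* denials are logged by default */
    fprintf(stderr, "avc: denied perm=%u ssid=%d tsid=%d\n", perm, ssid, tsid);
    return -1;
}

/* Send n messages from one sender label to one port label; return how many passed. */
static int send_many(int ssid, int tsid, int n) {
    int granted = 0;
    for (int i = 0; i < n; i++)
        granted += (ipc_check(ssid, tsid, PERM_SEND) == 0);
    return granted;
}

int main(void) {
    int ok = send_many(SID_APP, SID_SERVER_PORT, 1000);
    int bad = send_many(SID_UNTRUSTED, SID_SERVER_PORT, 3);
    printf("granted=%d denied_granted=%d policy_lookups=%u denials_logged=%u\n",
           ok, bad, policy_lookups, denials_logged);
    return 0;
}
```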