Date: Sat, 2 Aug 2003 10:05:49 -0700 (PDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 35396 for review
Message-ID: <200308021705.h72H5niq017207@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=35396 Change 35396 by rwatson@rwatson_paprika on 2003/08/02 10:04:50 Updates to the MAC section of the Sec Arch. Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#3 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#3 (text+ko) ==== @@ -2752,10 +2752,23 @@ <title>Mandatory Access Control</title> <para>As of FreeBSD 5.0, experimental support for Mandatory Access Control (MAC) provided by the TrustedBSD Project has been - integrated into the operating system. The kernel supports a - flexible MAC Framework permitting policy modules to augment - the kernel security policy, as well as maintain security - labeling information on a variety of system objects.</para> + integrated into the operating system. + The kernel may be compiled with <literal>options MAC</literal> + to enable a pluggable labeled access control framework. + The MAC Framework permits policy modules to augment the kernel + security policy, as well as maintain security labeling + information on a variety of system objects. + Common infrastructure provided by the Framework include + the ability to augment critical system security decisions, + a policy-agnostic security labeling service, composition of + simultaneously loaded policies, and system calls and APIs for + application management of labels. + The MAC Framework is capable of supporting policy modules + implementing a broad range of access control policies, including + hardening changes to the base FreeBSD policy, Biba integrity, + MLS confidentiality, RBAC, Type Enforcement, and many + more.</para> + <para> mac.conf: default MAC labels to show for various objects, including 
@@ -2770,30 +2783,114 @@ third party models, including sebsd </para> -<para> -Common facilities for MAC policies, including labeling, access control, -labeling, utilities, etc. -</para> + <variablelist> + <varlistentry> + <term>mac_biba</term> + <listitem> + <para>Biba data integrity policy; makes use of information + labeling and flow control to prevent violation of system + integrity constraints. + Security labels on subjects and objects include both + hierarchal (ordered) and non-hierarchal (compartmented) + components.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>mac_bsdextended</term> + <listitem> + <para>File system firewall policy; maintains a rule set + placing restrictions on file system access based on + existing security parameters, such as process uid, gids, + and file owner and group.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>mac_ifoff</term> + <listitem> + <para>Interface silencing policy; controls the incoming and + outgoing flow of packets via network interfaces.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>mac_lomac</term> + <listitem> + <para>Low-Watermark Mandatory Access Control (LOMAC) policy; + as with Biba, a labeled integrity policy, but making use + of floating subject labels which downgrade based on + access to information of lower integrity.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>mac_mls</term> + <listitem> + <para>Multi-Level Security (MLS) confidentiality policy; + implements the classing MLS MAC policy, providing both + hierarchal levels and non-hierarchal compartments to + control the flow of information to unauthorized + parties.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>mac_none</term> + <listitem> + <para>Null policy used for performance testing purposes.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>mac_partition</term> + <listitem> + <para>Simple system partition policy controlling inter-process 
+ visibility based on administrator-defined security + partitions.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>mac_portacl</term> + <listitem> + <para>IP port access control list policy; implements controls + on system calls requesting the assignment of specific + UDP and TCP port numbers. + Intended for use with systems that no longer require root + privilege to bind low port numbers.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>mac_seeotheruids</term> + <listitem> + <para>Inter-process visibility policy; controls whether users + are permitted to see (and otherwise interact) with processes + owned by other users.</para> + </listitem> + </varlistentry> -<para> -various security models: + <varlistentry> + <term>mac_stub</term> + <listitem> + <para>Prototype policy containing stub implementations of all + entry points; intended for use by developers of new system + policies.</para> + </listitem> + </varlistentry> -mac(4) - Mandatory Access Control -mac_biba(4) - Biba data integrity policy -mac_bsdextended(4) - file system firewall policy -mac_ifoff(4) - interface silencing policy -mac_lomac(4) - Low-watermark Mandatory Access Control data integrity policy -mac_mls(4) - Multi-Level Security confidentiality policy -mac_none(4) - sample MAC policy module -mac_partition(4) - process partition policy -mac_portacl(4) - network port access control policy -mac_seeotheruids(4) - simple policy controlling whether users see other users -mac_test(4) - MAC framework testing policy -</para> + <varlistentry> + <term>mac_test</term> + <listitem> + <para>Internal assertion testing policy for the MAC Framework; + intended to assist in the testing of the correctness of the + Framework.</para> + </listitem> + </varlistentry> + </variablelist> </sect2> - </sect1> - </chapter> <!--
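Review bot: In the first hunk (@@ -2752,10 +2752,23 @@), the added sentence "Common infrastructure provided by the Framework include" has a subject-verb mismatch; the subject is "infrastructure", so it should read "includes". The paragraph also ends its list of supported policies with "and many more", which the text does not back up; ending the sentence at the named policies (Biba integrity, MLS confidentiality, RBAC, Type Enforcement) would keep the claim checkable against the module list that follows.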
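Review bot: In the second hunk (@@ -2770,30 +2783,114 @@), the mac_mls entry reads "implements the classing MLS MAC policy", which should be "classic". "hierarchal" and "non-hierarchal" in the mac_biba and mac_mls entries are normally spelled "hierarchical" and "non-hierarchical". In the mac_seeotheruids entry the parenthesis closes one word early; "see (and otherwise interact with) processes" is the intended reading. The removed list described mac_none(4) as a "sample MAC policy module" while the new entry calls it a "Null policy used for performance testing purposes", so it is worth confirming which description is meant. The removed list also named each module with its manual section (mac_biba(4) and so on), and the new bare term entries drop that reference; keeping a pointer to the manual pages would help readers choosing a policy find its configuration details.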