Date: Sat, 2 Aug 2003 10:05:49 -0700 (PDT)
Message-Id: <200308021705.h72H5niq017207@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 35396 for review

http://perforce.freebsd.org/chv.cgi?CH=35396

Change 35396 by rwatson@rwatson_paprika on 2003/08/02 10:04:50

	Updates to the MAC section of the Sec Arch.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#3 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#3 (text+ko) ====
@@ -2752,10 +2752,23 @@ Mandatory Access Control As of FreeBSD 5.0, experimental support for Mandatory Access Control (MAC) provided by the TrustedBSD Project has been - integrated into the operating system. The kernel supports a - flexible MAC Framework permitting policy modules to augment - the kernel security policy, as well as maintain security - labeling information on a variety of system objects. + integrated into the operating system. + The kernel may be compiled with options MAC + to enable a pluggable labeled access control framework. + The MAC Framework permits policy modules to augment the kernel + security policy, as well as maintain security labeling + information on a variety of system objects. + Common infrastructure provided by the Framework include + the ability to augment critical system security decisions, + a policy-agnostic security labeling service, composition of + simultaneously loaded policies, and system calls and APIs for + application management of labels. + The MAC Framework is capable of supporting policy modules + implementing a broad range of access control policies, including + hardening changes to the base FreeBSD policy, Biba integrity, + MLS confidentiality, RBAC, Type Enforcement, and many + more. + mac.conf: default MAC labels to show for various objects, including 
@@ -2770,30 +2783,114 @@ third party models, including sebsd - -Common facilities for MAC policies, including labeling, access control, -labeling, utilities, etc. - + + + mac_biba + + Biba data integrity policy; makes use of information + labeling and flow control to prevent violation of system + integrity constraints. + Security labels on subjects and objects include both + hierarchal (ordered) and non-hierarchal (compartmented) + components. + + + + + mac_bsdextended + + File system firewall policy; maintains a rule set + placing restrictions on file system access based on + existing security parameters, such as process uid, gids, + and file owner and group. + + + + + mac_ifoff + + Interface silencing policy; controls the incoming and + outgoing flow of packets via network interfaces. + + + + + mac_lomac + + Low-Watermark Mandatory Access Control (LOMAC) policy; + as with Biba, a labeled integrity policy, but making use + of floating subject labels which downgrade based on + access to information of lower integrity. + + + + + mac_mls + + Multi-Level Security (MLS) confidentiality policy; + implements the classing MLS MAC policy, providing both + hierarchal levels and non-hierarchal compartments to + control the flow of information to unauthorized + parties. + + + + + mac_none + + Null policy used for performance testing purposes. + + + + + mac_partition + + Simple system partition policy controlling inter-process + visibility based on administrator-defined security + partitions. + + + + + mac_portacl + + IP port access control list policy; implements controls + on system calls requesting the assignment of specific + UDP and TCP port numbers. + Intended for use with systems that no longer require root + privilege to bind low port numbers. + + + + + mac_seeotheruids + + Inter-process visibility policy; controls whether users + are permitted to see (and otherwise interact) with processes + owned by other users. 
+ + - -various security models: + + mac_stub + + Prototype policy containing stub implementations of all + entry points; intended for use by developers of new system + policies. + + -mac(4) - Mandatory Access Control -mac_biba(4) - Biba data integrity policy -mac_bsdextended(4) - file system firewall policy -mac_ifoff(4) - interface silencing policy -mac_lomac(4) - Low-watermark Mandatory Access Control data integrity policy -mac_mls(4) - Multi-Level Security confidentiality policy -mac_none(4) - sample MAC policy module -mac_partition(4) - process partition policy -mac_portacl(4) - network port access control policy -mac_seeotheruids(4) - simple policy controlling whether users see other users -mac_test(4) - MAC framework testing policy - + + mac_test + + Internal assertion testing policy for the MAC Framework; + intended to assist in the testing of the correctness of the + Framework. + + + - -
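Review bot: In the @@ -2752,10 +2752,23 @@ hunk, the added sentence "Common infrastructure provided by the Framework include the ability to augment critical system security decisions" has a subject-verb mismatch; "infrastructure ... includes" reads correctly. The closing sentence of the same paragraph lists Biba, MLS, RBAC and Type Enforcement together as policies the Framework is "capable of supporting", while the module list later in this change has entries for Biba and MLS but none for RBAC or Type Enforcement; it would help readers to say which of these ship as modules and which are only possible in principle. RBAC is also the one acronym in that sentence left unexpanded.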
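Review bot: In the @@ -2770,30 +2783,114 @@ hunk, the mac_mls entry reads "implements the classing MLS MAC policy", which should be "classic", and "hierarchal" / "non-hierarchal" in the mac_biba and mac_mls entries should be "hierarchical" / "non-hierarchical". In the mac_seeotheruids entry, "see (and otherwise interact) with processes" leaves "see with processes" once the parenthetical is dropped; "see (and otherwise interact with) processes" fixes it. The removed list carried manual-page references such as mac_biba(4) and mac_portacl(4), and the new entries drop the section number, so consider keeping that cross-reference in each entry. The mac_portacl entry says it is "Intended for use with systems that no longer require root privilege to bind low port numbers" without saying how a system reaches that state; a pointer to the relevant setting would make the entry usable on its own.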