From owner-p4-projects@FreeBSD.ORG Mon Aug 25 13:47:39 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id CC2C71065677; Mon, 25 Aug 2008 13:47:38 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 77D2E1065674 for ; Mon, 25 Aug 2008 13:47:38 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 517FB8FC0A for ; Mon, 25 Aug 2008 13:47:38 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m7PDlccF018818 for ; Mon, 25 Aug 2008 13:47:38 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m7PDlcUw018816 for perforce@freebsd.org; Mon, 25 Aug 2008 13:47:38 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 25 Aug 2008 13:47:38 GMT Message-Id: <200808251347.m7PDlcUw018816@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 148378 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Aug 2008 13:47:39 -0000 http://perforce.freebsd.org/chv.cgi?CH=148378 Change 148378 by rwatson@rwatson_fledge on 2008/08/25 13:47:16 Continue general rename of capabilities -> privileges to prepare to put up pages on both the 8.x privileges project and the new capabilities project. Affected files ... .. //depot/projects/trustedbsd/www/components.page#10 edit .. //depot/projects/trustedbsd/www/developers.dev#3 edit .. //depot/projects/trustedbsd/www/mailinglists.page#4 edit .. //depot/projects/trustedbsd/www/privileges.page#2 edit .. //depot/projects/trustedbsd/www/sidebar.xml#11 edit Differences ... ==== //depot/projects/trustedbsd/www/components.page#10 (text+ko) ==== @@ -37,7 +37,7 @@ - $P4: //depot/projects/trustedbsd/www/components.page#9 $ + $P4: //depot/projects/trustedbsd/www/components.page#10 $ @@ -71,7 +71,7 @@ instructions on the mailing lists page. This provides access to CVS and Perforce commit messages associated with development occuring in the TrustedBSD development trees, including the - Base (vendor) branch, Capabilities branch, Audit branch, MAC + Base (vendor) branch, Privileges branch, Audit branch, MAC branch, SEBSD branch, and SEDarwin branch.

There are seven main branches of TrustedBSD development:

@@ -133,7 +133,7 @@ processes to tag files with arbitrary named data. This provides a location to store the extensive security data required for the various TrustedBSD security extensions, - including ACLs, capabilities and MAC labels. Extended + including ACLs, privileges and MAC labels. Extended attribute support has been developed for FreeBSD's UFS1 file system and integrated with the FreeBSD development tree, and was included in FreeBSD 5.0. UFS2 was @@ -144,29 +144,6 @@ functionality.

- -

Fine-Grained Capabilities

- -
-

- Collection: - - p4-cvs-trustedbsd-cap -

- -

Capabilities provide support for fine-grained process - capabilities to authorize non-root processes to access - privileged system resources, reducing requirements for a - superuser account, and reducing risk in the event of - compromise. The capabilities development branch is - largely complete, but is based on an older FreeBSD - 5.0-CURRENT snapshot. Elements of this implementation - are being updated for FreeBSD 5.2 and are available as - part of the SEBSD version of the TrustedBSD MAC Framework. - For more information, see the Capability - Page.

-
-

GEOM

@@ -216,6 +193,37 @@ Project.

+ +

Fine-Grained Privileges

+ +
+

+ Collection: + + p4-cvs-trustedbsd-cap +

+ +

NB: Historically this project was referred to as fine-grained + capabilities, but due to a vocabulary conflict, it has been + renamed to fine-grained privileges. Information in this + section and on the privileges page currently refers to a + FreeBSD 5.x-era project to support fine-grained privileges, + and will shortly be superseded by a similar project for + FreeBSD 8.x.

+ +

Privileges provide support for fine-grained process + privileges to authorize non-root processes to access + privileged system resources, reducing requirements for a + superuser account, and reducing risk in the event of + compromise. The privileges development branch is + largely complete, but is based on an older FreeBSD + 5.0-CURRENT snapshot. Elements of this implementation + are being updated for FreeBSD 5.2 and are available as + part of the SEBSD version of the TrustedBSD MAC Framework. + For more information, see the + Privileges Page.

+
+

Security-Enhanced BSD (SEBSD)

==== //depot/projects/trustedbsd/www/developers.dev#3 (text+ko) ==== @@ -33,7 +33,7 @@ - $P4: //depot/projects/trustedbsd/www/developers.dev#2 $ + $P4: //depot/projects/trustedbsd/www/developers.dev#3 $ @@ -61,13 +61,13 @@ Ilmar Habibulin ilmar@watson.org http://www.watson.org/~ilmar/ - Capabilities, Mandatory Access Control + Privileges, Mandatory Access Control Thomas Moestl tmm@FreeBSD.org - Capabilities + Privileges @@ -86,7 +86,7 @@ Andrew Reisse Andrew.Reisse@sparta.com - SEDarwin, Capabilities + SEDarwin, Privileges ==== //depot/projects/trustedbsd/www/mailinglists.page#4 (text+ko) ==== @@ -37,7 +37,7 @@ - $P4: //depot/projects/trustedbsd/www/mailinglists.page#3 $ + $P4: //depot/projects/trustedbsd/www/mailinglists.page#4 $ @@ -115,7 +115,7 @@

POSIX.1e, the now-withdrawn POSIX draft defining interfaces for operating system security extensions, continues to play an important - role in offering standard interfaces for ACLs, Capabilities, and to + role in offering standard interfaces for ACLs, Privileges, and to a limited extent other services. The POSIX.1e mailing list provides a cross-platform forum for the discussion of the draft, as well as practical implementation and portability issues. More information on ==== //depot/projects/trustedbsd/www/privileges.page#2 (text+ko) ==== @@ -25,16 +25,16 @@ --> - TrustedBSD POSIX.1e Capabilities + TrustedBSD POSIX.1e Privileges - $P4: //depot/projects/trustedbsd/www/privileges.page#1 $ + $P4: //depot/projects/trustedbsd/www/privileges.page#2 $

- TrustedBSD POSIX.1e Capabilities + TrustedBSD POSIX.1e Privileges

@@ -46,15 +46,16 @@ p4-cvs-trustedbsd-cap

-

POSIX.1e breaks root privilege into a set of capabilities, or - more strictly, privileges, which allow the granting of specific - privilege requirements for POSIX calls, such as setuid(). +

POSIX.1e breaks root privilege into a set of privileges + (historically referred to as "Capabilities"), which allow the + granting of specific privilege requirements for POSIX calls, such + as setuid(). POSIX.1e defines extension to process and file state to allow privileges to be granted to processes, either by inheritence or a file privilege model similar to setuid/setgid.

-

The TrustedBSD capability project is currently inactive, but an - implementation of POSIX.1e capabilities for an older FreeBSD release +

The TrustedBSD privileges project is currently inactive, but an + implementation of POSIX.1e privileges for an older FreeBSD release is available and functional, and may be found in Perforce/cvsup. Certain key files are provided in a tarball for download on this page.

@@ -70,17 +71,17 @@ sufficient future growth in privileges, or further fine-graining.

Up-to-date versions of the kernel API changes to perform - fine-grained privilege checking, without the capability model + fine-grained privilege checking, without the privilege model itself, may be found in the SEBSD branch, and include modifications to the TrustedBSD MAC Framework to allow MAC modules to deny privilege based on the POSIX.1e privilege categories.

-

2006-03-26 FreeBSD 5.0 POSIX.1e capability reference files +

2006-03-26 FreeBSD 5.0 POSIX.1e privileges reference files snapshot. These are reference BSD-licensed POSIX.1e privilege files derived from an early TrustedBSD implementation, and do - not represent a complete or supported implementation. - Download.

+ not represent a complete or supported implementation. Download + 20060326-cap.tgz (60K).

==== //depot/projects/trustedbsd/www/sidebar.xml#11 (text+ko) ==== @@ -7,11 +7,11 @@
  • Audit
  • BSMtrace
  • Extended Attributes and UFS2
    • -
  • Capabilities
  • GEOM
  • MAC
  • OpenBSM
  • OpenPAM
    • +
  • Privileges
  • SEBSD
  • SEDarwin
    • @@ -24,11 +24,11 @@
  • Audit
  • BSMtrace
  • Extended Attributes and UFS2
    • -
  • Capabilities
  • GEOM
  • MAC
  • OpenBSM
  • OpenPAM
    • +
  • Privileges
  • SEBSD
  • SEDarwin