From: Ryusuke SUZUKI Date: Thu, 7 Nov 2013 11:44:29 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r43115 - head/ja_JP.eucJP/books/handbook/security X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Nov 2013 11:44:29 -0000 Author: ryusuke Date: Thu Nov 7 11:44:29 2013 New Revision: 43115 URL: http://svnweb.freebsd.org/changeset/doc/43115 Log: - Merge the following from the English version: r15170 -> r15267 head/ja_JP.eucJP/books/handbook/security/chapter.xml Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml ============================================================================== --- head/ja_JP.eucJP/books/handbook/security/chapter.xml Thu Nov 7 11:31:17 2013 (r43114) +++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Thu Nov 7 11:44:29 2013 (r43115) @@ -3,7 +3,7 @@ The FreeBSD Documentation Project The FreeBSD Japanese Documentation Project - Original revision: r15170 + Original revision: r15267 Waiting for: 1.123 or mac/chapter.xml ("mac" referenced from disks). Translation note: "fs-acl" section added in rev.1.118 is moved to 
@@ -3902,13 +3902,14 @@ user@unfirewalled.myserver.com's passwor When configured into a kernel, the MAC Framework permits security modules to augment the existing kernel access control model, restricting access to system services and objects. For - example, the mac_bsdextended module augments file system access - control, permitting administrators to provide a firewall-like - ruleset constraining access to file system objects based on user - ids and group membership. Some modules require little or no - configuration, such as mac_seeotheruids, whereas others perform - ubiquitous object labeling, such as mac_biba and mac_mls, and - require extensive configuration. + example, the &man.mac.bsdextended.4; module augments file system + access control, permitting administrators to provide a + firewall-like ruleset constraining access to file system objects + based on user ids and group membership. Some modules require + little or no configuration, such as &man.mac.seeotheruids.4, + whereas others perform ubiquitous object labeling, such as + &man.mac.biba.4; and &man.mac.mls.4;, and require extensive + configuration. To enable the MAC Framework in your system kernel, you must add the following entry to your kernel configuration: 
@@ -3923,11 +3924,11 @@ user@unfirewalled.myserver.com's passwor Different MAC policies may be configured in different ways; frequently, MAC policy modules export configuration parameters using the &man.sysctl.8; MIB using the - security.mac.* namespace. Policies relying on file system - or other labels may require a configuration step that involes - assigning initial labels to system objects or creating a - policy configuration file. For information on how to configure - and use each policy module, see its man page. + security.mac namespace. Policies relying on + file system or other labels may require a configuration step + that involes assigning initial labels to system objects or + creating a policy configuration file. For information on how to + configure and use each policy module, see its man page. A variety of tools are available to configure the MAC Framework and labels maintained by various policies. Extensions have been @@ -3950,14 +3951,17 @@ user@unfirewalled.myserver.com's passwor Vendor: TrustedBSD Project Module name: mac_biba.ko - Kernel option: MAC_BIBA - The Biba Integrity Policy (XXXMANPAGE) provides + Kernel option: MAC_BIBA + + TCB + + The Biba Integrity Policy (&man.mac.biba.4;) provides for hierarchal and non-hierarchal labeling of all system objects with integrity data, and the strict enforcement of an information flow policy to prevent corruption of high integrity subjects and data by low-integrity subjects. Integrity is enforced by preventing high integrity - subjects (generally processes) from reading load integrity + subjects (generally processes) from reading low integrity objects (often files), and preventing low integrity subjects from writing to high integrity objects. This security policy is frequently used in commercial 
@@ -3966,6 +3970,33 @@ user@unfirewalled.myserver.com's passwor provides ubiquitous labeling, the Biba integrity policy must be compiled into the kernel or loaded at boot. + + File System Firewall Policy (mac_bsdextended) + + File System Firewall Policy + + Vendor: TrustedBSD Project + Module name: mac_bsdextended.ko + Kernel option: MAC_BSDEXTENDED + The File System Firewall Policy (&man.mac.bsdextended.4;) + provides an extension to the BSD file system permission model, + permitting the administrator to define a set of firewall-like + rules for limiting access to file system objects owned by + other users and groups. Managed using &man.ugidfw.8;, rules + may limit access to files and directories based on the uid + and gids of the process attempting the access, and the owner + and group of the target of the access attempt. All rules + are restrictive, so they may be placed in any order. This policy + requires no prior configuration or labeling, and may be + appropriate in multi-user environments where mandatory limits + on inter-user data exchange are required. Caution should be + exercised in limiting access to files owned by the super-user or + other system user ids, as many useful programs and directories + are owned by these users. As with a network firewall, + improper application of file system firewall rules may render + the system unusable. New tools to manage the rule set may be + easily written using the &man.libugidfw.3; library. + Interface Silencing Policy (mac_ifoff) @@ -3973,8 +4004,8 @@ user@unfirewalled.myserver.com's passwor Vendor: TrustedBSD Project Module name: mac_ifoff.ko - Kernel option: MAC_IFOFF - The interface silencing policy (XXXMANPAGE) + Kernel option: MAC_IFOFF + The interface silencing policy (&man.mac.ifoff.4;) prohibits the use of network interfaces during the boot until explicitly enabled, preventing spurious stack output stack response to incoming packets. This is appropriate 
@@ -3992,9 +4023,9 @@ user@unfirewalled.myserver.com's passwor Vendor: Network Associates Laboratories Module name: mac_lomac.ko - Kernel option: MAC_LOMAC + Kernel option: MAC_LOMAC Similar to the Biba Integrity Policy, the LOMAC - policy (XXXMANPAGE) relies on the ubiquitous + policy (&man.mac.lomac.4;) relies on the ubiquitous labeling of all system objects with integrity labels. Unlike Biba, LOMAC permits high integrity subjects to read from low integrity objects, but then downgrades the 
@@ -4015,24 +4046,22 @@ user@unfirewalled.myserver.com's passwor Vendor: TrustedBSD Project Module name: mac_mls.ko - Kernel option: MAC_MLS + Kernel option: MAC_MLS Multi-Level Security (MLS) - (XXXMANPAGE) provides for hierarchal and - non-hierarchal labeling of all system objects with - sensitivity data, and the strict enforcement of an - information flow policy to prevent the leakage of - confidential data to untrusted parties. The logical - conjugate of the Biba Integrity Policy, - MLS is frequently shipped in - commercial trusted operating systems to protect data - secrecy in multi-user environments. Hierarchal labels - provide support for the notion of clearances and - classifications in traditional parlance; non-hierarchal - labels provide support for "need-to-know". As with - Biba, ubiquitous labeling of objects occurs, and it - must therefore be compiled into the kernel or loaded - at boot. As with Biba, extensive initial configuration - may be required. + (&man.mac.mls.4;) provides for hierarchal and non-hierarchal + labeling of all system objects with sensitivity data, and the + strict enforcement of an information flow policy to prevent + the leakage of confidential data to untrusted parties. The + logical conjugate of the Biba Integrity Policy, + MLS is frequently shipped in commercial + trusted operating systems to protect data secrecy in + multi-user environments. Hierarchal labels provide support + for the notion of clearances and classifications in + traditional parlance; non-hierarchal labels provide support + for need-to-know. As with Biba, ubiquitous + labeling of objects occurs, and it must therefore be compiled + into the kernel or loaded at boot. As with Biba, extensive + initial configuration may be required. MAC Stub Policy (mac_none) 
@@ -4041,8 +4070,8 @@ user@unfirewalled.myserver.com's passwor Vendor: TrustedBSD Project Module name: mac_none.ko - Kernel option: MAC_NONE - The None policy (XXXMANPAGE) provides a stub + Kernel option: MAC_NONE + The None policy (&man.mac.none.4;) provides a stub sample policy for developers, implementing all entry points, but not changing the system access control policy. Running this on a production system would @@ -4055,8 +4084,8 @@ user@unfirewalled.myserver.com's passwor Vendor: TrustedBSD Project Module name: mac_partition.ko - Kernel option: MAC_PARTITION - The Partition policy (XXXMANPAGE) provides for a + Kernel option: MAC_PARTITION + The Partition policy (&man.mac.partition.4;) provides for a simple process visibility limitation, assigning labels to processes identifying what numeric system partition they are present in. If none, all other processes are visible 
@@ -4072,31 +4101,32 @@ user@unfirewalled.myserver.com's passwor Vendor: TrustedBSD Project Module name: mac_seeotheruids.ko - Kernel option: MAC_BIBA - The See Other Uids policy (XXXMANPAGE) implements - a similar process visibility model to mac_partition, - except that it relies on process credentials to control - visibility of processes, rather than partition labels. This - policy may be configured to exempt certain users and groups, - including permitting system operators to view all processes - without special privilege. This policy may be compiled into - the kernel, loaded at boot, or loaded at run-time. + Kernel option: MAC_SEEOTHERUIDS + The See Other Uids policy (&man.mac.seeotheruids.4;) + implements a similar process visibility model to + mac_partition, except that it relies on process credentials to + control visibility of processes, rather than partition labels. + This policy may be configured to exempt certain users and + groups, including permitting system operators to view all + processes without special privilege. This policy may be + compiled into the kernel, loaded at boot, or loaded at + run-time. - MAC Framework Test Policy + MAC Framework Test Policy (mac_test) MAC Framework Test Policy Vendor: TrustedBSD Project Module name: mac_test.ko - Kernel option: MAC_TEST - The Test policy (XXXMANPAGE) provides a regression test - environment for the MAC Framework, and will cause a - fail-stop in the event that internal MAC Framework assertions - about proper data labeling fail. This module can be used to - detect failures to properly label system objects in the kernel - implementation. This policy may be compiled into the kernel, - loaded at boot, or loaded at run-time. + Kernel option: MAC_TEST + The Test policy (&man.mac.test.4;) provides a regression + test environment for the MAC Framework, and will cause a + fail-stop in the event that internal MAC Framework assertions + about proper data labeling fail. 
This module can be used to + detect failures to properly label system objects in the kernel + implementation. This policy may be compiled into the kernel, + loaded at boot, or loaded at run-time.
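Review bot: In the @@ -3902,13 +3902,14 @@ hunk, the added line "little or no configuration, such as &man.mac.seeotheruids.4," is missing the semicolon that terminates the entity reference, so the reference is not well-formed. The other three entities added in the same paragraph (&man.mac.bsdextended.4; &man.mac.biba.4; and &man.mac.mls.4;) are terminated correctly. Change it to "&man.mac.seeotheruids.4;," with the semicolon before the comma.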
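Review bot: In the @@ -3923,11 +3924,11 @@ hunk, the re-wrapped line "that involes assigning initial labels to system objects or" carries over the typo "involes" from the removed text. Since the paragraph is being rewritten anyway, correct it to "involves" in this change.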
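Review bot: In the @@ -3973,8 +4004,8 @@ hunk (mac_ifoff), the context directly below the edited lines still reads "preventing spurious stack output stack response to incoming packets", which repeats "stack" and appears to be missing a conjunction. The sentence is already being touched to replace XXXMANPAGE with &man.mac.ifoff.4;, so it is worth correcting the wording in the same paragraph.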
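Review bot: In the @@ -4072,31 +4101,32 @@ hunk, the added See Other Uids text still names the other module as a bare "mac_partition" ("mac_partition, except that it relies on process credentials to"), while the rest of this patch converts module names to manual page entities. Use &man.mac.partition.4; here, which the Partition policy section in this same patch already uses, so the cross-reference is consistent and linked.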