Date:      Wed, 30 May 2007 02:32:44 +0400
From:      "Kirill Bolshakov" <kirill.bolshakov@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   LoMAC module: cannot get clearance level revoked
Message-ID:  <1ef87a7d0705291532v472a3c30i4bee07d0f502bc5b@mail.gmail.com>

Hello Almighty All,

I am trying to get the LoMAC module revoke user's privileges. In my test
setup, the user with a higher clearance tries to open a lower clearance file
for reading. After that the process label of the user's process is checked.
As a final test, the user's process tries to write to a file with the higher
integrity label. And he succeeds.

Please find my test setup including the test program below. I will be
grateful for any advice you may have. I am using FreeBSD 6.1. All MAC stuff
enabled, the corresponding module loaded, and other models evaluated (Biba,
MLS, combo).

Thanks,
Kirill

=== TEST PROGRAM ===
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/mac.h>

/* Fetch the MAC label of a file by path and print its text form. */
void printfilelabel(const char * fname) {
  mac_t filelabel;
  char *buf;
  if ( 0 != mac_prepare_file_label( &filelabel ) ) {
    fprintf( stderr, "printfilelabel(%s): failed to prepare label\n", fname );
    exit( -1 );
  }
  if ( 0 != mac_get_file( fname, filelabel ) ) {
    fprintf( stderr, "printfilelabel(%s): failed to get label\n", fname );
    exit( -1 );
  }
  if ( 0 != mac_to_text( filelabel, &buf ) ) {
    fprintf( stderr, "printfilelabel(%s): failed to convert label\n", fname );
    exit( -1 );
  }
  printf( "\tfilelabel(%s) is %s\n", fname, buf );
  free( buf );
  mac_free( filelabel );
}

/* Fetch the MAC label of the calling process and print its text form. */
void printmylabel(void) {
  mac_t mylabel;
  char *buf;
  if ( 0 != mac_prepare_process_label( &mylabel ) ) {
    fprintf( stderr, "printmylabel: failed to prepare label\n" );
    exit( -1 );
  }
  if ( 0 != mac_get_proc( mylabel ) ) {
    fprintf( stderr, "printmylabel: failed to get label\n" );
    exit( -1 );
  }
  if ( 0 != mac_to_text( mylabel, &buf ) ) {
    fprintf( stderr, "printmylabel: failed to convert label\n" );
    exit( -1 );
  }
  printf( "\tMy label is %s\n", buf );
  free( buf );
  mac_free( mylabel );
}

/* argv[1]: the lower-integrity file to read; argv[2]: the higher-integrity file to write.
 * The process label is printed before and after each open so that a LoMAC demotion
 * (if any) is visible. */
int main(int argc, char **argv) {
  if ( argc != 3 ) {
    fprintf( stderr, "usage: %s <file-to-read> <file-to-write>\n", argv[0] );
    return -1;
  }
  printmylabel();
  printfilelabel( argv[1] );
  printf( "Try to open %s for reading...\n", argv[1]);
  FILE * f = fopen( argv[1], "r" );
  if ( f ) {
    /*printf( "Boo! read by lomac/high!\n" );*/
    printf("Open for reading succeeded for %s\n", argv[1] );
    printmylabel();
    printfilelabel( argv[1] );
    fclose(f);
    f = NULL;
    printmylabel();
    printfilelabel( argv[2] );
    printf( "Try to open %s for writing\n", argv[2] );
    f = fopen(argv[2],"w");
    if ( f ){
       printmylabel();
       printf( "Succeeded in opening %s for writing\n", argv[2] );
       printfilelabel( argv[2] );
       fclose( f );

       printfilelabel( argv[2] );
       printmylabel();
    }
    else {
      printf( "Unable to open %s for writing!\n", argv[2] );
    }
  }
  else {
    printf( "Unable to open %s for reading!\n", argv[1] );
  }
  return 0;
}
=== END OF TEST PROGRAM ===
=== TWO TEST FILES ===
The program was run like this:

./lomactest testlow test

and the files had these labels:

testlow: lomac/low
test: lomac/high

=== END OF TWO TEST FILES ===
=== LOGIN CLASS ===
 lmsecure:\
        :copyright=/etc/COPYRIGHT:\
        :welcome=/etc/motd:\
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
        :path=~/bin:/sbin:/bin:/usr/sbin:/user/bin:/usr/local/sbin:usr/local/bin:\
        :manpath=/usr/share/man /usr/local/man:\
        :nologin=/usr/sbin/nologin:\
        :cputime=1h30m:\
        :datasize=8M:\
        :vmemoryuse=100M:\
        :stacksize=2M:\
        :memorylocked=4M:\
        :memoryuse=8M:\
        :filesize=8M:\
        :coredumpsize=8M:\
        :openfiles=24:\
        :maxproc=32:\
        :priority=0:\
        :requirehome:\
        :passwordtime=91d:\
        :umask=022:\
        :ignoretime@:\
        :label=lomac/high(high-high):

=== END OF LOGIN CLASS ===
=== PROGRAM RUN RESULT ===
        My label is lomac/high(high-high)
        filelabel(testlow) is lomac/low
Try to open testlow for reading...
Open for reading succeeded for testlow
        My label is lomac/high(high-high)
        filelabel(testlow) is lomac/low
        My label is lomac/high(high-high)
        filelabel(test) is lomac/high
Try to open test for writing
        My label is lomac/high(high-high)
Succeeded in open test for writing
        filelabel(test) is lomac/high
        filelabel(test) is lomac/high
        My label is lomac/high(high-high)

=== END OF PROGRAM RUN RESULT ===
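The following is an added example, not part of the original message and not FreeBSD's mac_lomac code. It models the two Low-Watermark rules the test above was meant to exercise (a subject that reads a lower-integrity object is demoted to that grade; a subject may write an object only if its current grade dominates the object's grade) and replays the posted scenario against that model, so the reader can see what outcome the policy predicts. The grade names, struct layout and function names are assumptions made for the model; only the file names and grades (testlow: lomac/low, test: lomac/high) come from the post.

```c
#include <stdio.h>

/* Two integrity grades, ordered low < high (model assumption, not the kernel's types). */
enum grade { LOMAC_LOW = 0, LOMAC_HIGH = 1 };

struct subject {
    const char *name;
    enum grade current;   /* current integrity grade; starts at the login grade */
    int demotions;        /* how many times the watermark has been lowered */
};

struct object {
    const char *name;
    enum grade grade;     /* file's integrity grade */
};

static const char *grade_name(enum grade g) {
    return g == LOMAC_HIGH ? "high" : "low";
}

/* Low-watermark read rule: the open is never refused; instead the subject's
 * grade floats down to the object's grade. Returns 1 if a demotion happened. */
int lomac_read(struct subject *s, const struct object *o) {
    if (o->grade < s->current) {
        s->current = o->grade;
        s->demotions++;
        return 1;
    }
    return 0;
}

/* Write rule: allowed only when the subject's current grade dominates
 * (is at least) the object's grade. Returns 1 if allowed, 0 if denied. */
int lomac_write(const struct subject *s, const struct object *o) {
    return s->current >= o->grade;
}

/* Replays the posted scenario: a lomac/high process reads testlow (lomac/low)
 * and then tries to open test (lomac/high) for writing.
 * Returns 1 if the model allows the write, 0 if it denies it; *demoted_out
 * (if non-NULL) receives whether the read demoted the subject. */
int run_posted_scenario(int *demoted_out) {
    struct subject proc    = { "lomactest", LOMAC_HIGH, 0 };
    struct object  testlow = { "testlow", LOMAC_LOW };   /* constructed from the post */
    struct object  test    = { "test",    LOMAC_HIGH };  /* constructed from the post */

    int demoted = lomac_read(&proc, &testlow);
    if (demoted_out)
        *demoted_out = demoted;
    printf("%s reads %s (%s): label is now %s\n",
           proc.name, testlow.name, grade_name(testlow.grade), grade_name(proc.current));

    int allowed = lomac_write(&proc, &test);
    printf("%s writes %s (%s): %s\n",
           proc.name, test.name, grade_name(test.grade), allowed ? "ALLOWED" : "DENIED");
    return allowed;
}

/* Convenience wrappers so the results can be checked without out-parameters. */
int scenario_write_allowed(void) { return run_posted_scenario(NULL); }
int scenario_demoted(void) { int d = 0; run_posted_scenario(&d); return d; }

int main(void) {
    run_posted_scenario(NULL);
    return 0;
}
```

Under this model the read of testlow demotes the process to low and the subsequent write to test is denied, which is the outcome the poster was testing for; the run output in the message shows the real module neither demoted the label nor refused the write, so the difference is a useful yardstick when comparing the expected policy with what the loaded module actually enforces for a given login-class label.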