LoMAC module: cannot get clearance level revoked
Kirill Bolshakov
kirill.bolshakov at gmail.com
Tue May 29 22:57:04 UTC 2007
Hello Almighty All,
I am trying to get the LoMAC module to revoke a user's privileges. In my test
setup, the user with a higher clearance tries to open a lower clearance file
for reading. After that, the label of the user's process is checked.
As a final test, the user's process tries to write to a file with the higher
integrity label. And he succeeds.
Please find my test setup, including the test program, below. I will be
grateful for any advice you may have. I am using FreeBSD 6.1. All MAC stuff
is enabled, the corresponding module is loaded, and the other models (Biba,
MLS, combo) have been evaluated.
Thanks,
Kirill
=== TEST PROGRAM ===
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/mac.h>

/* Print the MAC label of the file at fname (e.g. "lomac/low"). */
void printfilelabel(const char *fname) {
    mac_t filelabel;
    char *buf;

    if (0 != mac_prepare_file_label(&filelabel)) {
        fprintf(stderr, "printfilelabel(%s): failed to prepare label\n", fname);
        exit(EXIT_FAILURE);
    }
    if (0 != mac_get_file(fname, filelabel)) {
        fprintf(stderr, "printfilelabel(%s): failed to get label\n", fname);
        exit(EXIT_FAILURE);
    }
    if (0 != mac_to_text(filelabel, &buf)) {
        fprintf(stderr, "printfilelabel(%s): failed to convert label\n", fname);
        exit(EXIT_FAILURE);
    }
    printf("\tfilelabel(%s) is %s\n", fname, buf);
    free(buf);
    mac_free(filelabel);
}

/* Print the MAC label of the calling process (e.g. "lomac/high(high-high)"). */
void printmylabel(void) {
    mac_t mylabel;
    char *buf;

    if (0 != mac_prepare_process_label(&mylabel)) {
        fprintf(stderr, "printmylabel: failed to prepare label\n");
        exit(EXIT_FAILURE);
    }
    if (0 != mac_get_proc(mylabel)) {
        fprintf(stderr, "printmylabel: failed to get label\n");
        exit(EXIT_FAILURE);
    }
    if (0 != mac_to_text(mylabel, &buf)) {
        fprintf(stderr, "printmylabel: failed to convert label\n");
        exit(EXIT_FAILURE);
    }
    printf("\tMy label is %s\n", buf);
    free(buf);
    mac_free(mylabel);
}

int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s <lower-integrity file> <higher-integrity file>\n",
                argv[0]);
        return EXIT_FAILURE;
    }

    /* Labels before touching anything. */
    printmylabel();
    printfilelabel(argv[1]);

    /* Step 1: open the lower-integrity file for reading. Note that fopen()
     * only open(2)s the file; no data is ever read from it in this program. */
    printf("Try to open %s for reading...\n", argv[1]);
    FILE *f = fopen(argv[1], "r");
    if (f) {
        /*printf( "Boo! read by lomac/high!\n" );*/
        printf("Open for reading succeeded for %s\n", argv[1]);
        printmylabel();
        printfilelabel(argv[1]);
        fclose(f);
        f = NULL;

        /* Step 2: labels after the read-open, then try to write the
         * higher-integrity file. */
        printmylabel();
        printfilelabel(argv[2]);
        printf("Try to open %s for writing\n", argv[2]);
        f = fopen(argv[2], "w");
        if (f) {
            printmylabel();
            printf("Succeeded in opening %s for writing\n", argv[2]);
            printfilelabel(argv[2]);
            fclose(f);
            printfilelabel(argv[2]);
            printmylabel();
        } else {
            printf("Unable to open %s for writing!\n", argv[2]);
        }
    } else {
        printf("Unable to open %s for reading!\n", argv[1]);
    }
    return 0;
}
=== END OF TEST PROGRAM ===
=== TWO TEST FILES ===
The program was run like this:
./lomactest testlow test
and the files had these labels:
testlow: lomac/low
test: lomac/high
=== END OF TWO TEST FILES ===
=== LOGIN CLASS ===
lmsecure:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
:path=~/bin:/sbin:/bin:/usr/sbin:/user/bin:/usr/local/sbin:usr/local/bin:\
:manpath=/usr/share/man /usr/local/man:\
:nologin=/usr/sbin/nologin:\
:cputime=1h30m:\
:datasize=8M:\
:vmemoryuse=100M:\
:stacksize=2M:\
:memorylocked=4M:\
:memoryuse=8M:\
:filesize=8M:\
:coredumpsize=8M:\
:openfiles=24:\
:maxproc=32:\
:priority=0:\
:requirehome:\
:passwordtime=91d:\
:umask=022:\
:ignoretime@:\
:label=lomac/high(high-high):
=== END OF LOGIN CLASS ===
=== PROGRAM RUN RESULT ===
My label is lomac/high(high-high)
filelabel(testlow) is lomac/low
Try to open testlow for reading...
Open for reading succeeded for testlow
My label is lomac/high(high-high)
filelabel(testlow) is lomac/low
My label is lomac/high(high-high)
filelabel(test) is lomac/high
Try to open test for writing
My label is lomac/high(high-high)
Succeeded in open test for writing
filelabel(test) is lomac/high
filelabel(test) is lomac/high
My label is lomac/high(high-high)
=== END OF PROGRAM RUN RESULT ===
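As an added illustration, not part of Kirill's post and not FreeBSD's mac_lomac source, the following portable C program models the low-water-mark integrity policy the test above is probing: labels of the form lomac/<grade> are parsed (the parenthesised range suffix such as "(high-high)" is accepted but ignored by the model), a subject that reads an object of strictly lower integrity is demoted to that object's grade, and a write is allowed only when the subject's grade dominates the object's. The grade ordering ("low" below any number below "high") and the read-triggered demotion are this model's assumptions, stated so the expected outcome of the posted scenario can be seen in isolation: after reading lomac/low, the modelled subject may no longer write lomac/high.

```c
/* Added example: a portable model of the low-water-mark integrity policy.
 * It is NOT FreeBSD's mac_lomac implementation; the grade ordering, the
 * handling of the range suffix and the read-triggered demotion are this
 * model's assumptions. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Integrity grade. Assumed ordering: "low" < any number < "high". */
typedef struct {
    long grade;
} lomac_level;

#define LOMAC_LOW  LONG_MIN
#define LOMAC_HIGH LONG_MAX

/* Parse "lomac/<grade>[(range)]". The range suffix, e.g. "(high-high)",
 * is accepted but ignored here. Returns 0 on success, -1 otherwise. */
int lomac_parse(const char *text, lomac_level *out)
{
    static const char prefix[] = "lomac/";
    size_t plen = sizeof prefix - 1;

    if (strncmp(text, prefix, plen) != 0)
        return -1;
    const char *p = text + plen;
    size_t n = strcspn(p, "(");            /* length of the grade element */
    if (n == 0)
        return -1;
    if (n == 3 && strncmp(p, "low", 3) == 0) {
        out->grade = LOMAC_LOW;
        return 0;
    }
    if (n == 4 && strncmp(p, "high", 4) == 0) {
        out->grade = LOMAC_HIGH;
        return 0;
    }
    char *end;
    long g = strtol(p, &end, 10);
    if (end != p + n || g < 0)
        return -1;
    out->grade = g;
    return 0;
}

/* a dominates b when a's integrity grade is at least b's. */
int lomac_dominates(const lomac_level *a, const lomac_level *b)
{
    return a->grade >= b->grade;
}

typedef struct {
    lomac_level label;   /* current low-water mark of the process */
} lomac_subject;

/* Reading is always permitted, but reading an object of strictly lower
 * integrity drops the subject's mark to the object's grade. */
void lomac_read(lomac_subject *s, const lomac_level *obj)
{
    if (!lomac_dominates(obj, &s->label))
        s->label = *obj;
}

/* Writing is permitted only if the subject dominates the object. */
int lomac_write_allowed(const lomac_subject *s, const lomac_level *obj)
{
    return lomac_dominates(&s->label, obj);
}

/* Replay of the posted scenario under this model: a subject labelled
 * subj_text reads a file labelled read_text, then tries to write a file
 * labelled write_text. Returns 1 if allowed, 0 if denied, -1 on a bad label. */
int scenario_write_allowed_after_read(const char *subj_text,
                                      const char *read_text,
                                      const char *write_text)
{
    lomac_subject s;
    lomac_level readobj, writeobj;

    if (lomac_parse(subj_text, &s.label) || lomac_parse(read_text, &readobj) ||
        lomac_parse(write_text, &writeobj))
        return -1;
    lomac_read(&s, &readobj);
    return lomac_write_allowed(&s, &writeobj);
}

int main(void)
{
    /* Constructed labels matching the post: testlow is lomac/low, test is lomac/high. */
    int r = scenario_write_allowed_after_read("lomac/high(high-high)", "lomac/low", "lomac/high");
    printf("write lomac/high after reading lomac/low: %s\n", r == 1 ? "allowed" : "denied");
    r = scenario_write_allowed_after_read("lomac/high", "lomac/high", "lomac/high");
    printf("write lomac/high without reading lower data: %s\n", r == 1 ? "allowed" : "denied");
    return 0;
}
```

In this model the mark only moves when a read operation is applied to the subject; an open that transfers no data leaves it unchanged, which is why the replay separates the read step from the write check.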