trustedbsd-discuss becomes moderated, status on mac work, cap, integration

Robert Watson rwatson at FreeBSD.org
Fri Jan 5 13:39:04 GMT 2001


Went away on vacation for a week and a half and came back to discover
people accidentally subscribing the list to -announce, as well as that at
least one spam e-mail list now includes trustedbsd-discuss.  As such, I've
moved trustedbsd-discuss to being a moderated mailing list, meaning only
that I will be dropping any administrative requests or advertising sent to
the list, not that I'll be moderating by content.

Despite unfortunate delays, I do intend to release the initial mandatory
access control implementation in the near future.  I've already provided a
copy to Ilmar to work with, and he has even sent me patches for it :-). 
As previously discussed, the first implementation will label processes,
files and other file system objects, as well as sockets, network
interfaces, and packets.  Currently, policy is enforced on file system
operations on UFS-derived file systems, and inter-process operations, but
not on the network/socket operations (this will be changing in the near
future).  The checks are relatively abstracted, meaning that it is
possible to change the policy relatively easily, and given the recent
release of the TE code by NSA (and contractors), I anticipate attempting
to port over some of their code to FreeBSD in the next month or two.

The MAC code is a lot more useful when combined with the capability code,
as doing so allows some of the root privileges to be provided without
allowing override of MAC protections, meaning you can run root daemons
without allowing them to break the integrity protection scheme, a
substantial improvement over the current implementation.  Rather than
merging the capability and MAC patch sets, I'm going to accelerate
integration of the capabilities framework into the base FreeBSD source
tree, which will probably take a few weeks (or more) of wrangling on
freebsd-arch, freebsd-security, and so on.  Once I've caught up on e-mail
from my vacation, I'll assemble some introductory materials for the
broader FreeBSD community to introduce the concepts and request review for
committing, and will run those texts by trustedbsd-discuss first to make
sure that the framework meets the needs of all consumers (it's still
perfectly reasonable to change it at this point, and in fact, desirable to
do so if changes will be needed).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services

