What's the status of the project?

Tue Jun 12 20:20:17 GMT 2001

On Tue, 12 Jun 2001, Ilmar S. Habibulin wrote:

> Local IPC objects are easy to protect. There are some issues, for ex., how
> should sys V messages be labeled: like message or queue. But i think that
> it is solvable problems.
> Another one is passing labels over network connections inside packets. I
> looked through FIPS 188, so i think, that CIPSO will be easily implemented
> and work between TrustedBSD boxes just fine. But i don't know how to
> achieve interoperability with other trusted systems. I have TSIG docs from
> their www.tsix.org site, but there is not much. :(

I have a variant on both the initial MAC implementation and the objlabel
version that maintains MAC labels on mbufs--interfaces are assigned an
initial label for incoming packets, and the label can then be matched and
modified in ipfw rules.  However, I don't yet perform the
poly-instantiation/enforcement when mapping mbufs into sockets in the
netinet code.  I plan to revisit this issue in the next month or so--it
probably involves sockets acting as both subjects (have a ucred attached)
and objects (have a MAC label attached).  Another issue has to do with
whether we want to be able to make routing decisions based on labels, or
just perform access control.

> Did you look through my old patch, where i suggest to import part of
> bitstring fuctionality into kernel? What do you think about it? 

I have looked at it, but have not yet decided what to do about the
bitstring stuff.  My feeling is that we do need a bitstring implementation
in the kernel, and that this is a proper use of one.  I hope to be able to
spend some more time on MAC code in the near future, once I've finished up
some more of the objlabel work.

> > TrustedBSD Auditing: On the drawing board still.
> As i remember, i started your FreeBSD hardening project with POSIX 1e
> audit implementation. ;-))) 

Yeah, old told we must have at least three attempts at audit
implementations lying around--certainly I did a pass or two, and SRI did a
pass.  Unfortunately, we don't seem to have come out of it with highly
useful results, although quite a bit more experience.  If someone wants to
take this task on, I'd certainly welcome that.  Andrew Reiter was looking
at design considerations, but I think he has been stalled due to
circumstances beyond his control :-).

> PS. And what about your polygraph activities?  Would we have an ability
> to change MAC policies with labels on the fly?

This is still on the goal list, and the object label code is a step in
that direction, as it allows the improved abstraction of object labels. 
You'll notice also that the ucred handling in 5.0-CURRENT has been
gradually expanding to include more and more of the per-process access
control information (for example, the jail pointer recently moved into
ucred, and pcred was eliminated, simplifying credential handling).  I'm
taking this gradually, and will probably have an announcement in the near
future (next month or so) relating to the poligraph work. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message