programming interface for mandatory access controls
n0g0013
fergus at cobbled.net
Mon Aug 25 21:58:48 GMT 2003
On 25.08-15:28, Evan S. wrote:
> That sounds interesting. Can you explain what you
> mean? I'm not sure I quite understand.

i'll try -- it's fairly simple really.

assume we have an MLS policy with 3 distinct labels,
made from 2 classifications and two compartments.

SEC: [ a b ]
PUB: [ a ] [ b ]

and that [ a b ] can read [ a ] and [ b ] BUT
[ a ] cannot read [ b ] and vice-versa (i.e.
standard Bell-LaPadula model).

if i have a login process (e.g. sshd) with label
[ a b ] that forks when a user logs in - then i
want the ability to also move that user's process
into compartment [ a ].

i suspect we could install an mpo_syscall handler
that will match the relevant fork call and alter
the resulting shell's label. thus the user/s in
[ a ] can not read from [ b ] (i.e. distinct
compartments).

there would most likely also be privileges
associated with change that could also be dropped.

the result is that, not only can we apply MAC to
normal processes/programs, but also manage MAC
policy behaviour based on known, associated program
behaviour.

i realise that my knowledge of the internals is
lacking here but hope that is clear. perhaps i
may even get the time to implement it someday
(don't hold your breath).

--
: fergus cameron : [ .] cobbled :
: ^^^^^^@cobbled.net : [ ~][ ] .net :
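
An added example, not part of the original message and not TrustedBSD code: a user-space C model of the three-label policy described above, showing the dominance check and a login-time relabel that can confine a child but never escalate it. The names `dominates`, `can_read` and `relabel_child` are hypothetical, and reading "[ a ]" as the PUB label with compartment a is an assumption; the MAC framework's own entry points are not used.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the policy in the message: PUB < SEC, compartments a and b. */
enum level { PUB = 0, SEC = 1 };
#define COMP_A 0x1u
#define COMP_B 0x2u
struct label { enum level lvl; unsigned comps; };

/* x dominates y: level at least as high and compartment set a superset. */
static bool dominates(struct label x, struct label y)
{
    return x.lvl >= y.lvl && (x.comps & y.comps) == y.comps;
}

/* Bell-LaPadula simple security property: a subject reads only what it dominates. */
static bool can_read(struct label subject, struct label object)
{
    return dominates(subject, object);
}

/*
 * Hypothetical login-time relabel: the child may only move to a label the
 * parent dominates. Returns 0 and writes *child, or -1 if refused.
 */
static int relabel_child(struct label parent, struct label want,
                         struct label *child)
{
    if (!dominates(parent, want))
        return -1;
    *child = want;
    return 0;
}

int main(void)
{
    struct label sshd = { SEC, COMP_A | COMP_B };
    struct label obj_a = { PUB, COMP_A }, obj_b = { PUB, COMP_B };
    struct label shell;

    if (relabel_child(sshd, obj_a, &shell) != 0)
        return 1;
    printf("sshd  reads a:%d b:%d\n", can_read(sshd, obj_a), can_read(sshd, obj_b));
    printf("shell reads a:%d b:%d\n", can_read(shell, obj_a), can_read(shell, obj_b));
    /* A shell already confined to [ a ] cannot relabel itself into [ b ]. */
    printf("shell -> b refused:%d\n", relabel_child(shell, obj_b, &shell) == -1);
    return 0;
}
```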