From 4085c80697275c574b29c2c29ee5b1e8872751ff Mon Sep 17 00:00:00 2001 From: Brian Feldman Date: Tue, 20 Nov 2001 19:22:37 +0000 Subject: [PATCH] Add an initial lomac(4) manpage. Sponsored by: DARPA, NAI Labs (CBOSS project) --- share/man/man4/Makefile | 1 + share/man/man4/lomac.4 | 133 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+) create mode 100644 share/man/man4/lomac.4 diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index c07c8c6fb008..b9536c09b16c 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -72,6 +72,7 @@ MAN= aac.4 \ ktr.4 \ lge.4 \ lo.4 \ + lomac.4 \ lp.4 \ lpbb.4 \ lpt.4 \ diff --git a/share/man/man4/lomac.4 b/share/man/man4/lomac.4 new file mode 100644 index 000000000000..a4aea22591ad --- /dev/null +++ b/share/man/man4/lomac.4 @@ -0,0 +1,133 @@ +.\" Copyright (c) 2001 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by NAI Labs, the +.\" Security Research Division of Network Associates, Inc. under +.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA +.\" CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.Dd November 20, 2001 +.Dt LOMAC 4 +.Os FreeBSD 5.0 +.Sh NAME +.Nm LOMAC +.Nd Low-Watermark Mandatory Access Control security facility +.Sh USAGE +.Dl # /sbin/kldload lomac +.Sh DESCRIPTION +The +.Nm +module provides a drop-in security mechanism in addition to the traditional +POSIX uid-based security facilities, requiring no additional configuration +from the administrator. +.Nm +aims to be two things: it is non-intrusive, so that the system with +.Nm +will not feel largely different from the system without it, and will not +require much modification to intialize; it is also comprehensive enough +that a majority of attacks to compromise a system should fail. +.Pp +To this end, each process on the system will have a label of several +attributes, including a "high" or "low" security level, attached to it, +and these labels of integrity will be managed with a system cognizant +of IPC (signals, debugging, sockets, pipes), path-based filesystem +labels, virtual memory objects, and privileged system calls. +A process (or set of vmspace-sharing processes) will initially inherit +the integrity level of its parent, which, at the point of +.Nm +being started with +.Xr kldload 8 , +will be high. +If it reads lower-integrity data from one of the controlled mechanisms, +it will then decrease its integrity level, and access to modify +higher-integrity data will be revoked. +.Sh IMPLEMENTATION NOTES +.Nm +on +.Fx , +as implemented currently, should properly respect all aspects of any +.Xr chroot 8 +or +.Xr jail 8 +operation performed after it has been initialized. +Pre-existing jail or chroot environments may not necessarily work +completely. +.Nm 's +filesystem should correctly respect the caching behavior of any of the +system's filesystems, and so work for any "normal" or "synthetic" +fileystems. +After loaded, another root +.Xr mount 8 +will exist on the system and appear as type "lomacfs". +.Sh FILES +See +.Pa /sys/security/lomac/policy_plm.h +for specific information on exactly how +.Nm +has been compiled to control access to the filesystem. +.Sh COMPATIBILITY +Some programs, for example +.Xr syslogd 8 , +may need to be restarted after +.Nm +is initialized for them to continue proper operation. +This version of +.Nm +has not had widespread testing, so some common programs have probably +not been tested and could have issues that need to be worked around or +fixed. +.Sh SEE ALSO +.Xr kldload 8 +.Sh HISTORY +.Nm +was initially implemented for Linux systems over the past several years. +Since then, this implementation was created via funding from the +United States DARPA. +See the copyright for details. +.Sh AUTHORS +.Bl -item +.Li An Brian Fundakowski Feldman Aq bfeldman@tislabs.com +.Li An Timothy Fraser Aq tfraser@tislabs.com +.El +.Sh BUGS +.Nm +has not gone through widespread testing yet, so many problems may still exist. +There is still yet one unfixed panic which is reproduceable under load +( +.Xr vrele 9 +begin called too many times). +The operation of +.Xr mount 2 +and +.Xr unmount 2 +may not work properly or at all once +.Nm +has been loaded. +After being loaded, the system must be restarted to revert to a state +without +.Nm .