diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml index 1a88cf574c..c381f5d9b5 100644 --- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml @@ -26,7 +26,7 @@ TrustedBSD project based on the &posix;.1e draft. Two of the most significant new security mechanisms are file system Access Control Lists (ACLs) and Mandatory Access Control - (MAC). Mandatory Access Control allows + (MAC) facilities. Mandatory Access Control allows new access control modules to be loaded, implementing new security policies. Some provide protections of a narrow subset of the system, hardening a particular service, while others provide @@ -36,7 +36,7 @@ the controls is done by administrators and the system, and is not left up to the discretion of users as is done with discretionary access control (DAC, the standard - file and System V IPC permissions on &os;). + file and System V IPC permissions on &os;). This chapter will focus on the Mandatory Access Control Framework (MAC Framework), and a set @@ -124,7 +124,7 @@ What Will Not Be Covered This chapter covers a broad range of security issues relating - to the MAC framework, however, the + to the MAC framework; however, the development of new MAC policies will not be covered. A number of modules included with the MAC framework have specific characteristics 
@@ -249,18 +249,19 @@ With all of these new terms in mind, consider how the MAC framework augments the security of - the system as a whole. The various policies provided by + the system as a whole. The various security policies provided by the MAC framework could be used to protect the network and file systems, block users from accessing certain ports and sockets, and more. Perhaps - the best use of the policies is to blend them together, by loading several policy modules at a time, for - a multi-layered security environment. In a multi-layered security environment, - multiple policies are in effect to keep security in check. This is different - then a hardening policy, which typically hardens elements of a system that is - used only for specific purposes. The only downside is - administrative overhead in cases of multiple file system - labels, setting network access control user by user, - etc. + the best use of the policies is to blend them together, by loading + several security policy modules at a time, for a multi-layered + security environment. In a multi-layered security environment, + multiple policies are in effect to keep security in check. This + is different then a hardening policy, which typically hardens + elements of a system that is used only for specific purposes. + The only downside is administrative overhead in cases of + multiple file system labels, setting network access control + user by user, etc. These downsides are minimal when compared to the lasting effect of the framework; for instance, the ability to pick choose 
@@ -386,11 +387,11 @@ option may be passed to &man.tunefs.8;. - In the case of Biba and MLS, a numeric label may be set to - indicate the precise level of hierarchical control. This - numeric level is used to partition or sort information - into different groups of say, classification only permitting - access to that group or a higher group level. + In the case of Biba and MLS, a numeric + label may be set to indicate the precise level of hierarchical + control. This numeric level is used to partition or sort + information into different groups of say, classification only + permitting access to that group or a higher group level. In most cases the administrator will only be setting up a single label to use throughout the file system. @@ -401,8 +402,8 @@ extent root is the one in control and who configures the policy so that users are placed in the appropriate categories/access levels. Alas, many policies can - restrict the root user as well. Basic control over - objects will then be released to the group but + restrict the root user as well. Basic + control over objects will then be released to the group but root may revoke or modify the settings at any time. This is the hierarchal/clearance model covered by policies such as Biba and MLS. @@ -420,8 +421,8 @@ &man.setfmac.8; and &man.setpmac.8; utilities. The setfmac command is used to set MAC labels on system objects while the - setpmac command is used to set the labels on system - subjects. Observe: + setpmac command is used to set the labels + on system subjects. Observe: &prompt.root; setfmac biba/high test 
@@ -431,16 +432,17 @@ &man.chmod.1; and &man.chown.8; commands. In some cases this error may be a Permission denied and is usually obtained when the label is being set or modified - on an object which is restricted.Other conditions may produce - different failures. For instance, the file may not be owned by the - user attempting to relabel the object, the object may not exist or - may be read only. A mandatory policy will not allow the process to - relabel the file, maybe because of a property of the file, a property - of the process, or a property of the proposed new label value. - For example: a user running at low integrity tries to change - the label of a high integrity file. Or perhaps a user running - at low integrity tries to change the label of a low integrity - file to a high integrity label. The system administrator + on an object which is restricted.Other conditions + may produce different failures. For instance, the file may not + be owned by the user attempting to relabel the object, the + object may not exist or may be read only. A mandatory policy + will not allow the process to relabel the file, maybe because + of a property of the file, a property of the process, or a + property of the proposed new label value. For example: a user + running at low integrity tries to change the label of a high + integrity file. Or perhaps a user running at low integrity + tries to change the label of a low integrity file to a high + integrity label. The system administrator may use the following commands to overcome this: &prompt.root; setfmac biba/high test @@ -903,9 +905,9 @@ test: biba/high directory from the username user1. In place of user1, the - could be passed. This will - enforce the same access restrictions above for all users - in place of just one user. + could + be passed. This will enforce the same access restrictions + above for all users in place of just one user. The root user will be unaffected 
@@ -2128,8 +2130,8 @@ XXX Check the error message; if the user is in the insecure class, the - partition policy may be the culprit. Try - setting the user's class back to the + partition policy may be the culprit. + Try setting the user's class back to the default class and rebuild the database with the cap_mkdb command. If this does not alleviate the problem, go to step two. @@ -2181,8 +2183,8 @@ XXX In normal or even single user mode, the root is not recognized. The whoami command returns 0 (zero) and - su returns who are you?. What - could be going on? + su returns who are you?. + What could be going on? This can happen if a labeling policy has been disabled, either by a &man.sysctl.8; or the policy module was unloaded.
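Review bot: The removed and added lines in the @@ -36,7 +36,7 @@ hunk read identically ("file and System V IPC permissions on &os;)."), so this is a whitespace-only change riding along with the wording change in the @@ -26,7 +26,7 @@ hunk ("(MAC) facilities."). Please split whitespace fixes from content changes so the content diff can be read on its own.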
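Review bot: In the @@ -249,18 +249,19 @@ hunk the re-wrapped sentence still reads "This is different then a hardening policy"; since the line is being rewritten anyway, change "then" to "than". The trailing context "the ability to pick choose" also appears to be missing a word. The hunk mixes a real wording change (adding "security" before "policies" and "policy modules") with a re-wrap of the whole paragraph, which hides the two words that actually changed; consider doing the re-wrap as a separate commit.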
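Review bot: In the @@ -386,11 +387,11 @@ hunk the re-wrapped text keeps "into different groups of say, classification only permitting access to that group or a higher group level", which is hard to parse in a passage that defines how Biba and MLS levels gate access. Suggest setting "say" off with commas on both sides and starting a separate clause at "only permitting". In the following @@ -401,8 +402,8 @@ hunk, the context line "hierarchal/clearance model" is spelled differently from "hierarchical control" here; pick one spelling.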
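Review bot: In the @@ -431,16 +432,17 @@ hunk the added line "on an object which is restricted.Other conditions" carries over the run-together "restricted.Other" from the old text; if there is no markup between the two words in the source, a space is missing. The re-wrapped explanation also leaves "Or perhaps a user running at low integrity tries to change the label of a low integrity file to a high integrity label." as a sentence fragment and uses "maybe because of"; since these lines are being touched, join the two Biba examples into one sentence and tighten the wording. The closing "may use the following commands to overcome this" does not say which of the listed failure conditions the commands address, and that is worth stating.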
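Review bot: The @@ -2128,8 +2130,8 @@ and @@ -2181,8 +2183,8 @@ hunks only move a line break ("Try setting the user's class" and "What could be going on?"), while the surrounding context still has wording worth fixing in the same pass: "the root is not recognized" reads as if a word is missing after "root", and "either by a &man.sysctl.8; or the policy module was unloaded" is not parallel. If this commit is meant as whitespace-only, say so in the log message; otherwise fix these while the paragraphs are open.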