Whitespace and slight rewording changes. No new content added, translators may safely ignore.
This commit is contained in:
Tom Rhodes 2004-09-29 21:23:09 +00:00
parent 018c1d855e
commit 71031a6595
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=22516

@ -26,7 +26,7 @@
TrustedBSD project based on the &posix;.1e draft. Two of the most TrustedBSD project based on the &posix;.1e draft. Two of the most
significant new security mechanisms are file system Access Control significant new security mechanisms are file system Access Control
Lists (<acronym>ACLs</acronym>) and Mandatory Access Control Lists (<acronym>ACLs</acronym>) and Mandatory Access Control
(<acronym>MAC</acronym>). Mandatory Access Control allows (<acronym>MAC</acronym>) facilities. Mandatory Access Control allows
new access control modules to be loaded, implementing new security new access control modules to be loaded, implementing new security
policies. Some provide protections of a narrow subset of the policies. Some provide protections of a narrow subset of the
system, hardening a particular service, while others provide system, hardening a particular service, while others provide
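Review bot: the new "(<acronym>MAC</acronym>) facilities" still leaves the next sentence saying that "Mandatory Access Control allows new access control modules to be loaded"; it is the MAC Framework, introduced a few lines later as "Mandatory Access Control Framework (MAC Framework)", that loads policy modules, while MAC itself is the access-control model those modules implement. Suggest "The <acronym>MAC</acronym> Framework allows new access control modules to be loaded, implementing new security policies." so the mechanism and the model are not conflated in the opening paragraph.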
@ -36,7 +36,7 @@
the controls is done by administrators and the system, and is the controls is done by administrators and the system, and is
not left up to the discretion of users as is done with not left up to the discretion of users as is done with
discretionary access control (<acronym>DAC</acronym>, the standard discretionary access control (<acronym>DAC</acronym>, the standard
file and System V IPC permissions on &os;).</para> file and System V <acronym>IPC</acronym> permissions on &os;).</para>
<para>This chapter will focus on the <para>This chapter will focus on the
Mandatory Access Control Framework (MAC Framework), and a set Mandatory Access Control Framework (MAC Framework), and a set
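Review bot: the hunk wraps IPC in <acronym> but leaves "Mandatory Access Control Framework (MAC Framework)" in the trailing context with a bare MAC; for consistency with the <acronym>MAC</acronym> markup used everywhere else in this file it should read "(<acronym>MAC</acronym> Framework)". The DAC parenthetical is accurate as written: file mode bits and System V IPC permissions are the classic discretionary controls, and the contrast with administrator-set mandatory controls is the right framing for the chapter.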
@ -124,7 +124,7 @@
<title>What Will Not Be Covered</title> <title>What Will Not Be Covered</title>
<para>This chapter covers a broad range of security issues relating <para>This chapter covers a broad range of security issues relating
to the <acronym>MAC</acronym> framework, however, the to the <acronym>MAC</acronym> framework; however, the
development of new <acronym>MAC</acronym> policies development of new <acronym>MAC</acronym> policies
will not be covered. A number of modules included with the will not be covered. A number of modules included with the
<acronym>MAC</acronym> framework have specific characteristics <acronym>MAC</acronym> framework have specific characteristics
@ -249,18 +249,19 @@
<para>With all of these new terms in mind, consider how the <para>With all of these new terms in mind, consider how the
<acronym>MAC</acronym> framework augments the security of <acronym>MAC</acronym> framework augments the security of
the system as a whole. The various policies provided by the system as a whole. The various security policies provided by
the <acronym>MAC</acronym> framework could be used to the <acronym>MAC</acronym> framework could be used to
protect the network and file systems, block users from protect the network and file systems, block users from
accessing certain ports and sockets, and more. Perhaps accessing certain ports and sockets, and more. Perhaps
the best use of the policies is to blend them together, by loading several policy modules at a time, for the best use of the policies is to blend them together, by loading
a multi-layered security environment. In a multi-layered security environment, several security policy modules at a time, for a multi-layered
multiple policies are in effect to keep security in check. This is different security environment. In a multi-layered security environment,
then a hardening policy, which typically hardens elements of a system that is multiple policies are in effect to keep security in check. This
used only for specific purposes. The only downside is is different then a hardening policy, which typically hardens
administrative overhead in cases of multiple file system elements of a system that is used only for specific purposes.
labels, setting network access control user by user, The only downside is administrative overhead in cases of
etc.</para> multiple file system labels, setting network access control
user by user, etc.</para>
<para>These downsides are minimal when compared to the lasting <para>These downsides are minimal when compared to the lasting
effect of the framework; for instance, the ability to pick choose effect of the framework; for instance, the ability to pick choose
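Review bot: "This is different then a hardening policy" carries a then/than error through the rewrap; since this commit is a wording pass, change it to "different than" (or "differs from"). The unchanged context at the end of the hunk has the same problem: "the ability to pick choose" needs "pick and choose". Separately, "multiple policies are in effect to keep security in check" is vague about what layering buys: with several modules loaded an operation must be permitted by every one of them, so a single denial from any layer blocks it. One clause saying that would make the "multi-layered" claim concrete and would also explain why the administrative overhead mentioned next is worth watching, since a mislabelled object in any layer is enough to cause the failures the troubleshooting section later in this chapter deals with.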
@ -386,11 +387,11 @@
<option>multilabel</option> option may be passed to <option>multilabel</option> option may be passed to
&man.tunefs.8;.</para> &man.tunefs.8;.</para>
<para>In the case of Biba and <acronym>MLS</acronym>, a numeric label may be set to <para>In the case of Biba and <acronym>MLS</acronym>, a numeric
indicate the precise level of hierarchical control. This label may be set to indicate the precise level of hierarchical
numeric level is used to partition or sort information control. This numeric level is used to partition or sort
into different groups of say, classification only permitting information into different groups of say, classification only
access to that group or a higher group level.</para> permitting access to that group or a higher group level.</para>
<para>In most cases the administrator will only be setting up a <para>In most cases the administrator will only be setting up a
single label to use throughout the file system.</para> single label to use throughout the file system.</para>
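Review bot: the rewrapped sentence "into different groups of say, classification only permitting access to that group or a higher group level" is still hard to parse; the commas are misplaced. Suggest "into different groups of, say, classification, only permitting access to that group or to a higher level." Also, "a numeric label may be set" sits awkwardly next to the "biba/high" examples used in the rest of this file, which are not numeric; a sentence noting that labels take the form policy/grade, where the grade is "high", "low" or a number between them, would tie the two together for the reader.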
@ -401,8 +402,8 @@
extent <username>root</username> is the one in control and who extent <username>root</username> is the one in control and who
configures the policy so that users are placed in the configures the policy so that users are placed in the
appropriate categories/access levels. Alas, many policies can appropriate categories/access levels. Alas, many policies can
restrict the <username>root</username> user as well. Basic control over restrict the <username>root</username> user as well. Basic
objects will then be released to the group but control over objects will then be released to the group but
<username>root</username> may revoke or modify the settings <username>root</username> may revoke or modify the settings
at any time. This is the hierarchal/clearance model covered at any time. This is the hierarchal/clearance model covered
by policies such as Biba and <acronym>MLS</acronym>.</para> by policies such as Biba and <acronym>MLS</acronym>.</para>
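Review bot: "hierarchal" in "This is the hierarchal/clearance model" is a typo for "hierarchical" in both the old and new text and should be fixed while the paragraph is being touched. "Alas, many policies can restrict the root user as well" reads as a lament; "However, many policies can also restrict the root user" is plainer, and the point deserves emphasis rather than regret: under Biba and MLS, root is a subject with a label like any other, which is exactly the situation the footnote later in this file describes when a user at low integrity cannot relabel a high integrity file.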
@ -420,8 +421,8 @@
&man.setfmac.8; and &man.setpmac.8; utilities. &man.setfmac.8; and &man.setpmac.8; utilities.
The <command>setfmac</command> command is used to set The <command>setfmac</command> command is used to set
<acronym>MAC</acronym> labels on system objects while the <acronym>MAC</acronym> labels on system objects while the
<command>setpmac</command> command is used to set the labels on system <command>setpmac</command> command is used to set the labels
subjects. Observe:</para> on system subjects. Observe:</para>
<screen>&prompt.root; <userinput>setfmac biba/high test</userinput></screen> <screen>&prompt.root; <userinput>setfmac biba/high test</userinput></screen>
@ -431,16 +432,17 @@
&man.chmod.1; and &man.chown.8; commands. In some cases this &man.chmod.1; and &man.chown.8; commands. In some cases this
error may be a <errorname>Permission denied</errorname> and error may be a <errorname>Permission denied</errorname> and
is usually obtained when the label is being set or modified is usually obtained when the label is being set or modified
on an object which is restricted.<footnote><para>Other conditions may produce on an object which is restricted.<footnote><para>Other conditions
different failures. For instance, the file may not be owned by the may produce different failures. For instance, the file may not
user attempting to relabel the object, the object may not exist or be owned by the user attempting to relabel the object, the
may be read only. A mandatory policy will not allow the process to object may not exist or may be read only. A mandatory policy
relabel the file, maybe because of a property of the file, a property will not allow the process to relabel the file, maybe because
of the process, or a property of the proposed new label value. of a property of the file, a property of the process, or a
For example: a user running at low integrity tries to change property of the proposed new label value. For example: a user
the label of a high integrity file. Or perhaps a user running running at low integrity tries to change the label of a high
at low integrity tries to change the label of a low integrity integrity file. Or perhaps a user running at low integrity
file to a high integrity label.</para></footnote> The system administrator tries to change the label of a low integrity file to a high
integrity label.</para></footnote> The system administrator
may use the following commands to overcome this:</para> may use the following commands to overcome this:</para>
<screen>&prompt.root; <userinput>setfmac biba/high test</userinput> <screen>&prompt.root; <userinput>setfmac biba/high test</userinput>
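Review bot: "In some cases this error may be a Permission denied and is usually obtained when ..." says both "in some cases" and "usually" about the same condition; pick one. Suggest "This error is usually Permission denied and is returned when the label is being set or modified on an object that the policy restricts." In the footnote, "maybe because of a property of the file, a property of the process, or a property of the proposed new label value" should drop "maybe" and read "because of a property of the file, of the process, or of the proposed new label". The footnote's second example (a low integrity process relabelling a low integrity file to high) is worth keeping as is, since it shows that the denial can come from the proposed label rather than from the file's current label.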
@ -903,9 +905,9 @@ test: biba/high</screen>
directory from the username <username>user1</username>.</para> directory from the username <username>user1</username>.</para>
<para>In place of <username>user1</username>, the <para>In place of <username>user1</username>, the
<option>not uid <replaceable>user2</replaceable></option> could be passed. This will <option>not uid <replaceable>user2</replaceable></option> could
enforce the same access restrictions above for all users be passed. This will enforce the same access restrictions
in place of just one user.</para> above for all users in place of just one user.</para>
<note> <note>
<para>The <username>root</username> user will be unaffected <para>The <username>root</username> user will be unaffected
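Review bot: "This will enforce the same access restrictions above for all users in place of just one user" is not what "not uid user2" does: the "not" negates the subject match, so the rule applies to every user except user2 (root excepted, as the note below says). Suggest "for all users other than user2". Also, user2 is marked <replaceable> while user1 in the previous sentence is a literal <username>; saying that user2 is to be substituted with the user to exempt avoids the reader taking it as a second fixed account.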
@ -2128,8 +2130,8 @@ XXX
<step> <step>
<para>Check the error message; if the user is in the <para>Check the error message; if the user is in the
<literal>insecure</literal> class, the <literal>insecure</literal> class, the
<literal>partition</literal> policy may be the culprit. Try <literal>partition</literal> policy may be the culprit.
setting the user's class back to the Try setting the user's class back to the
<literal>default</literal> class and rebuild the database <literal>default</literal> class and rebuild the database
with the <command>cap_mkdb</command> command. If this with the <command>cap_mkdb</command> command. If this
does not alleviate the problem, go to step two.</para> does not alleviate the problem, go to step two.</para>
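Review bot: "rebuild the database with the cap_mkdb command" does not say which database; the user class comes from /etc/login.conf and the command is "cap_mkdb /etc/login.conf", which regenerates /etc/login.conf.db. Giving the full command in a <screen> as the other steps in this chapter do would make the step actionable. Also "go to step two" at the end of what is presumably step one hard-codes the step number inside a <step> list; "continue with the next step" survives later reordering.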
@ -2181,8 +2183,8 @@ XXX
<para>In normal or even single user mode, the <para>In normal or even single user mode, the
<username>root</username> is not recognized. The <username>root</username> is not recognized. The
<command>whoami</command> command returns 0 (zero) and <command>whoami</command> command returns 0 (zero) and
<command>su</command> returns <errorname>who are you?</errorname>. What <command>su</command> returns <errorname>who are you?</errorname>.
could be going on?</para> What could be going on?</para>
<para>This can happen if a labeling policy has been disabled, <para>This can happen if a labeling policy has been disabled,
either by a &man.sysctl.8; or the policy module was unloaded. either by a &man.sysctl.8; or the policy module was unloaded.
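Review bot: "the <username>root</username> is not recognized" drops the word "user"; read "the root user is not recognized" or simply "root is not recognized". "single user mode" used as a modifier should be hyphenated, "single-user mode". The explanation that follows (a labeling policy disabled via sysctl or its module unloaded) is the right one, but the entry would be more useful if it also stated the fix, re-enabling the policy or reloading the module, since the symptom described, whoami printing 0 and su answering "who are you?", gives no hint of the cause on its own.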