From owner-freebsd-security Thu Dec 2 10:24:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ints.ru (ints.ru [194.67.173.1])
	by hub.freebsd.org (Postfix) with ESMTP id 2671514D09
	for ; Thu, 2 Dec 1999 10:24:07 -0800 (PST)
	(envelope-from ilmar@ints.ru)
Received: (from uucp@localhost)
	by ints.ru (8.9.2/8.9.2) id VAA13483;
	Thu, 2 Dec 1999 21:23:34 +0300 (MSK)
Received: from ws-ilmar.ints.ru(194.67.173.16) via SMTP by ints.ru,
	id smtpdC13481; Thu Dec 2 21:23:31 1999
Received: from localhost (localhost [127.0.0.1])
	by ws-ilmar.ints.ru (8.9.3/8.9.3) with ESMTP id VAA45382;
	Thu, 2 Dec 1999 21:23:30 +0300 (MSK)
Date: Thu, 2 Dec 1999 21:23:29 +0300 (MSK)
From: "Ilmar S. Habibulin"
To: freebsd-security@freebsd.org
Cc: posix1e@cyrus.watson.org
Subject: Reference monitor concept implementation
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I do not know where it is better to address this, maybe to -arch?

While reading the description of the WinNT security subsystem I noticed
something called the Security Reference Monitor, which handles all access
requests and grants or denies them. That is the thing the Orange Book is
talking about. If you look through the FreeBSD source, you can see that
all fs drivers handle access requests by themselves. At the same time, the
code is the same. I suggest changing the fs drivers and the kernel so that
the fs drivers supply the kernel with the security attributes of the files
(directories and so on) and the kernel makes the decision on granting or
denying access. It would be much easier to implement different access
control mechanisms in such a system.

PS. My early Mandatory Access Control implementation was coded in the FFS
driver. While trying to spread MAC to other objects I understood my
mistake. Now MAC is in syscalls.

So, people, what would you say?
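A sketch of the split proposed in the message above, as an added example that is not part of the original post and not FreeBSD kernel code: a filesystem driver only reports security attributes, and one central function makes the decision by consulting every registered policy. All names (`refmon_access`, `sec_attrs`, `toyfs_getattrs`, the integer MAC levels) and the sample data are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
/* Hypothetical names throughout; an illustration, not FreeBSD kernel code. */
enum { ACC_EXEC = 1, ACC_WRITE = 2, ACC_READ = 4 };
struct sec_attrs { uid_t uid; gid_t gid; mode_t mode; int label; }; /* supplied by the fs */
struct subject { uid_t uid; gid_t gid; int clearance; };
typedef int (*policy_fn)(const struct subject *, const struct sec_attrs *, int want);
typedef int (*getattrs_fn)(const void *node, struct sec_attrs *out);

/* Discretionary policy: classic owner/group/other permission bits. */
static int policy_dac(const struct subject *s, const struct sec_attrs *a, int want)
{
    int shift = (s->uid == a->uid) ? 6 : (s->gid == a->gid) ? 3 : 0;
    return (((int)(a->mode >> shift) & 7) & want) == want;
}

/* Mandatory policy, simplified to integer levels: no read up, no write down. */
static int policy_mac(const struct subject *s, const struct sec_attrs *a, int want)
{
    if ((want & (ACC_READ | ACC_EXEC)) && s->clearance < a->label) return 0;
    if ((want & ACC_WRITE) && s->clearance > a->label) return 0;
    return 1;
}
static const policy_fn policies[] = { policy_dac, policy_mac };

/* Reference monitor: the single decision point; all policies must agree, errors deny. */
int refmon_access(getattrs_fn getattrs, const void *node, const struct subject *s, int want)
{
    struct sec_attrs a;
    if (getattrs == NULL || getattrs(node, &a) != 0) return 0;
    for (size_t i = 0; i < sizeof policies / sizeof policies[0]; i++)
        if (!policies[i](s, &a, want)) return 0;
    return 1;
}

/* Toy driver (constructed): it only fetches attributes and never decides. */
static int toyfs_getattrs(const void *node, struct sec_attrs *out)
{
    if (node == NULL) return -1;
    *out = *(const struct sec_attrs *)node;
    return 0;
}
/* Constructed sample data: a level-2 file owned by alice, mode 0644. */
static const struct sec_attrs secret_file = { 1001, 100, 0644, 2 };
static const struct subject alice = { 1001, 100, 2 }, bob = { 1002, 100, 1 };

int main(void)
{
    printf("alice read=%d\n", refmon_access(toyfs_getattrs, &secret_file, &alice, ACC_READ));
    printf("bob read=%d\n", refmon_access(toyfs_getattrs, &secret_file, &bob, ACC_READ));
}
```

Adding another access control mechanism here means appending one function to `policies[]`; no driver changes, because drivers never see the decision logic.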