From owner-p4-projects Thu Oct 24 12:18:13 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 28C2437B404; Thu, 24 Oct 2002 12:18:10 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AF01837B401; Thu, 24 Oct 2002 12:18:09 -0700 (PDT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9730243E6E; Thu, 24 Oct 2002 12:18:06 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.12.4/8.12.4) with SMTP id g9OJHTOo041303; Thu, 24 Oct 2002 15:17:30 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Thu, 24 Oct 2002 15:17:28 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Brian Feldman Cc: Perforce Change Reviews Subject: Re: PERFORCE change 20064 for review In-Reply-To: <200210241842.g9OIgpMJ019736@repoman.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Note that this is arguably incorrect for all policies but LOMAC, since "fail stop" is the desired behavior for Biba, MLS, SELinux, and others. This is why I changed the default for cow to off. We should look into a way to provide both what LOMAC and the other policies need, perhaps by having two entry points: one for the purpose of downgrading with COW, one without. In particular, pay attention to cases like: LOMAC wants to downgrade write to read-only Biba wants to remove write entirely The desired composition in this case is probably the Biba result. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories On Thu, 24 Oct 2002, Brian Feldman wrote: > http://perforce.freebsd.org/chv.cgi?CH=20064 > > Change 20064 by green@green_laptop_2 on 2002/10/24 11:42:34 > > Change default MAC VM permissions to: > > security.mac.enforce_vm: 1 > security.mac.mmap_revocation: 0 > security.mac.mmap_revocation_via_cow: 1 > > Affected files ... > > .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#327 edit > > Differences ... > > ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#327 (text+ko) ==== > > @@ -142,7 +142,7 @@ > &mac_enforce_sysctl, 0, "Enforce MAC policy on sysctl operations"); > TUNABLE_INT("security.mac.enforce_sysctl", &mac_enforce_sysctl); > > -static int mac_enforce_vm = 0; > +static int mac_enforce_vm = 1; > SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW, > &mac_enforce_vm, 0, "Enforce MAC policy on vm operations"); > TUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm); > @@ -157,7 +157,7 @@ > SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW, > &mac_mmap_revocation, 0, "Revoke mmap access to files on subject " > "relabel"); > -static int mac_mmap_revocation_via_cow = 0; > +static int mac_mmap_revocation_via_cow = 1; > SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, > &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " > "copy-on-write semantics, or by removing all write access"); > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message