From owner-p4-projects Tue Feb 4 22:41:35 2003
Date: Tue, 4 Feb 2003 22:41:23 -0800 (PST)
Message-Id: <200302050641.h156fN3E091269@repoman.freebsd.org>
From: Adam Migus
Subject: PERFORCE change 24682 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=24682

Change 24682 by amigus@amigus_ludo on 2003/02/04 22:41:00

IFC (one minute too early last time).

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/OUTLINE.TrustedBSD#2 edit
.. //depot/user/amigus/amigus_mac/sys/security/mac_biba/mac_biba.c#14 integrate

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/OUTLINE.TrustedBSD#2 (text+ko) ====
@@ -1,4 +1,4 @@ -$P4: //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/OUTLINE.TrustedBSD#1 $ +$P4: //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/OUTLINE.TrustedBSD#2 $ This document outlines the Security Architecture (WIP). As time progresses and more of the document becomes written, each entry in the outline will @@ -21,9 +21,16 @@ 2. Security-Related Definitions 2.1. Security Policy 2.2. Subjects and Objects - 2.3. MAC - 2.4. DAC - 2.5. ... (more to come as they "come up") + 2.3 Security Models (introduce next section). +II. Security Models + 3. MAC + 4. DAC + 5. Implementations in UNIX + - DAC and MAC. + - Lots of references. + 2.3.4 Conflicts/Collisions (very brief) + - Mention further research required to + understand he implications/requirements. II. Kernel Security ("Kernel Security Model?") 3. Kernel Security Policy[footnote 1] 3.1. [UN] Regarding suser, the root user, etc. ==== //depot/user/amigus/amigus_mac/sys/security/mac_biba/mac_biba.c#14 (text+ko) ==== 
@@ -95,13 +95,14 @@ &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); static int trust_all_interfaces = 0; -SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, +SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RW, &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); static char trusted_interfaces[128]; -SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, - trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); +SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RW, + trusted_interfaces, sizeof(trusted_interfaces), + "Interfaces considered 'trusted' by MAC/Biba"); TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, sizeof(trusted_interfaces)); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
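Review bot: In the OUTLINE.TrustedBSD hunk at @@ -21,9 +21,16 @@, the new "II. Security Models" part reuses the numeral of the "II. Kernel Security" context line that follows it, and its items 3 to 5 collide with "3. Kernel Security Policy", so the outline ends up with two part IIs and two section 3s. Renumber the later parts and sections in the same change. Smaller points in the same hunk: "2.3 Security Models" drops the trailing period that "2.1." and "2.2." carry, "2.3.4 Conflicts/Collisions" is numbered as a subsection of 2.3 but sits under the new part II after item 5, and "understand he implications" should read "understand the implications".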
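Review bot: In the mac_biba.c hunk at @@ -95,13 +95,14 @@, switching both trust_all_interfaces and trusted_interfaces from CTLFLAG_RD to CTLFLAG_RW turns a boot-time tunable into a policy input that can be rewritten on a running system, and neither the change description ("IFC") nor the sysctl description strings say so. Please state in a comment or in the description strings when a new value takes effect (the hunk does not show whether interfaces that are already labelled are re-evaluated), what list format trusted_interfaces expects, and whether writes should be limited further, for example with CTLFLAG_SECURE so the trusted set cannot be widened once the securelevel is raised. Passing sizeof(trusted_interfaces) instead of 0 as the SYSCTL_STRING length is the right companion change, since it bounds writes to the 128-byte buffer and matches the TUNABLE_STR call below it.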