From: Alexander Leidinger <Alexander@Leidinger.net>
To: Robert Watson
Cc: arch@FreeBSD.org, trustedbsd-discuss@TrustedBSD.org
Date: Thu, 14 Sep 2006 08:17:03 +0200
Subject: Re: New in-kernel privilege API: priv(9)
Message-ID: <20060914081703.umum0k4x3k88k4ko@webmail.leidinger.net>
In-Reply-To: <20060913150912.J1823@fledge.watson.org>
List: TrustedBSD General Discussion List (trustedbsd-discuss@FreeBSD.org)

Quoting Robert Watson (from Wed, 13 Sep 2006 15:29:14 +0100 (BST)):

> privilege list in src/sys/priv.h:
> ...
> PRIV_UFS_SETQUOTA,     /* setquota(). */
> PRIV_UFS_SETUSE,       /* setuse(). */
> PRIV_UFS_EXCEEDQUOTA,  /* Exempt from quota restrictions. */

Is this something special to UFS, or did you use the UFS part only
because no other filesystem in the tree has support for quotas?

> - It makes it possible for the MAC Framework to allow policies to grant
>   privilege. Policy modules can register interest in privilege checks, and
>   then specifically grant access to privileges as they see fit.
>
> In order to demonstrate MAC Framework integration with the privilege
> system, I have implemented a sample policy module, mac_privs, which
> allows rule-based granting of privileges to specific uids. Using a
> command line tool, appropriately privileged processes can modify the
> rule list, granting named privileges to unprivileged users. This is
> not a particularly mature example of a privilege-granting policy, as
> ideally privilege is something that is available but not always
> exercised -- i.e., similar to a setuid root binary that switches the
> effective uid to root only when it specifically needs privilege.
> However, it's quite useful in practice, and demonstrates how
> configurable policies can interact with kernel privilege decisions.

> It is my intent, following review, discussion, cleanup, etc, to commit
> the priv(9) work, sans mac_privs, to the 7.x tree in the next couple of
> weeks. The mac_privs policy is a sample policy that will continue to be
> maintained as part of the TrustedBSD Project, but not merged into the
> base tree at this point.

Is the mac_privs policy just a proof of concept? It would be nice to
allow more fine-grained access to some users or applications. The
latter one would need some way to identify the application/binary in a
safe way, maybe by using extended attributes in the FS.

Bye,
Alexander.

-- 
Real programmers don't write specs -- users should consider themselves
lucky to get any programs at all and take what they get.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
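As an added illustration of the design discussed in the message above (a central named-privilege check that a MAC policy can register with and grant through, plus a mac_privs-style table of uid/privilege rules), here is a small userland C model. It is not FreeBSD or TrustedBSD code and does not reproduce the real priv(9) or MAC Framework interfaces; only the three PRIV_UFS_* names come from the quoted list. The function names (priv_check_cred, policy_register_grant, privs_rule_add, setup_example_policy), the "uid 0 holds every privilege" default, the fixed-size tables and the sample uid 1001 are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Privilege identifiers. The three UFS names are the ones quoted in the
 * thread; the numbering and PRIV_COUNT sentinel are this model's own. */
enum priv {
    PRIV_UFS_SETQUOTA = 1,    /* setquota(). */
    PRIV_UFS_SETUSE,          /* setuse(). */
    PRIV_UFS_EXCEEDQUOTA,     /* Exempt from quota restrictions. */
    PRIV_COUNT                /* one past the last valid privilege */
};

/* Minimal credential: only the effective uid is modelled. */
struct ucred {
    uid_t cr_uid;
};

/* A policy grant hook: return 0 to grant the privilege, EPERM to abstain. */
typedef int (*priv_grant_fn)(const struct ucred *cred, int priv);

#define MAX_POLICIES 4
static priv_grant_fn grant_hooks[MAX_POLICIES];
static size_t ngrant_hooks;

/* A policy module "registers interest" by installing a grant hook. */
int policy_register_grant(priv_grant_fn fn)
{
    if (ngrant_hooks >= MAX_POLICIES)
        return ENOMEM;
    grant_hooks[ngrant_hooks++] = fn;
    return 0;
}

/* Central check. Assumption of this model: uid 0 holds every privilege;
 * any other uid is denied unless some registered policy grants. */
int priv_check_cred(const struct ucred *cred, int priv)
{
    if (priv <= 0 || priv >= PRIV_COUNT)
        return EINVAL;                 /* unknown privilege name: never grant */
    if (cred->cr_uid == 0)
        return 0;
    for (size_t i = 0; i < ngrant_hooks; i++)
        if (grant_hooks[i](cred, priv) == 0)
            return 0;
    return EPERM;                      /* default deny */
}

/* --- mac_privs-style rule table: (uid, privilege) pairs an administrator
 *     has granted. Layout is an assumption of this example. --- */
struct privs_rule {
    uid_t uid;
    int priv;
};

#define MAX_RULES 16
static struct privs_rule rules[MAX_RULES];
static size_t nrules;

int privs_rule_add(uid_t uid, int priv)
{
    if (priv <= 0 || priv >= PRIV_COUNT)
        return EINVAL;
    if (nrules >= MAX_RULES)
        return ENOSPC;
    rules[nrules++] = (struct privs_rule){ uid, priv };
    return 0;
}

/* The sample policy's grant hook: grant only on an exact (uid, priv) match. */
static int privs_grant(const struct ucred *cred, int priv)
{
    for (size_t i = 0; i < nrules; i++)
        if (rules[i].uid == cred->cr_uid && rules[i].priv == priv)
            return 0;
    return EPERM;                      /* no rule: abstain, default deny stands */
}

/* Reset state, register the sample policy and grant one named privilege to
 * one unprivileged uid. uid 1001 is a constructed sample value. */
int setup_example_policy(void)
{
    ngrant_hooks = 0;
    nrules = 0;
    int error = policy_register_grant(privs_grant);
    if (error != 0)
        return error;
    return privs_rule_add(1001, PRIV_UFS_EXCEEDQUOTA);
}

int main(void)
{
    struct ucred root = { 0 }, alice = { 1001 }, bob = { 1002 };
    if (setup_example_policy() != 0)
        return 1;
    printf("root   setquota    : %s\n", strerror(priv_check_cred(&root,  PRIV_UFS_SETQUOTA)));
    printf("uid1001 exceedquota: %s\n", strerror(priv_check_cred(&alice, PRIV_UFS_EXCEEDQUOTA)));
    printf("uid1001 setquota   : %s\n", strerror(priv_check_cred(&alice, PRIV_UFS_SETQUOTA)));
    printf("uid1002 exceedquota: %s\n", strerror(priv_check_cred(&bob,   PRIV_UFS_EXCEEDQUOTA)));
    return 0;
}
```

The point the model makes is the one the quoted message argues for: the caller asks for a named privilege rather than "is this root?", so a policy can grant exactly PRIV_UFS_EXCEEDQUOTA to uid 1001 without that uid gaining PRIV_UFS_SETQUOTA or anything else, and an unknown privilege number is rejected rather than silently treated as harmless.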