Diffstat (limited to 'static/freebsd/man4/mac_lomac.4 3.html')
-rw-r--r--    static/freebsd/man4/mac_lomac.4 3.html    177
1 files changed, 177 insertions, 0 deletions
diff --git a/static/freebsd/man4/mac_lomac.4 3.html b/static/freebsd/man4/mac_lomac.4 3.html
new file mode 100644
index 00000000..276778db
--- /dev/null
+++ b/static/freebsd/man4/mac_lomac.4 3.html
@@ -0,0 +1,177 @@
+<table class="head">
+ <tr>
+ <td class="head-ltitle">MAC_LOMAC(4)</td>
+ <td class="head-vol">Device Drivers Manual</td>
+ <td class="head-rtitle">MAC_LOMAC(4)</td>
+ </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">mac_lomac</code> &#x2014;
+ <span class="Nd">Low-watermark Mandatory Access Control data integrity
+ policy</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<p class="Pp">To compile LOMAC into your kernel, place the following lines in
+ your kernel configuration file:</p>
+<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code>
+<br/>
+<code class="Cd">options MAC_LOMAC</code></div>
+<p class="Pp">Alternately, to load the LOMAC module at boot time, place the
+ following line in your kernel configuration file:</p>
+<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code></div>
+<p class="Pp">and in <a class="Xr">loader.conf(5)</a>:</p>
+<div class="Bd Pp Bd-indent Li">
+<pre>mac_lomac_load=&quot;YES&quot;</pre>
+</div>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">The <code class="Nm">mac_lomac</code> policy module implements the
+ LOMAC integrity model, which protects the integrity of system objects and
+ subjects by means of an information flow policy coupled with the subject
+ demotion via floating labels. In LOMAC, all system subjects and objects are
+ assigned integrity labels, made up of one or more hierarchical grades,
+ depending on their types. Together, these label elements permit all labels
+ to be placed in a partial order, with information flow protections and
+ demotion decisions based on a dominance operator describing the order. The
+ hierarchal grade field or fields are expressed as a value between 0 and
+ 65535, with higher values reflecting higher integrity.</p>
+<p class="Pp">Three special label component values exist:</p>
+<table class="Bl-column Bd-indent">
+ <tr id="Label">
+ <td><a class="permalink" href="#Label"><b class="Sy">Label</b></a></td>
+ <td><a class="permalink" href="#Comparison"><b class="Sy" id="Comparison">Comparison</b></a></td>
+ </tr>
+ <tr id="low">
+ <td><a class="permalink" href="#low"><code class="Li">low</code></a></td>
+ <td>dominated by all other labels</td>
+ </tr>
+ <tr id="equal">
+ <td><a class="permalink" href="#equal"><code class="Li">equal</code></a></td>
+ <td>equal to all other labels</td>
+ </tr>
+ <tr id="high">
+ <td><a class="permalink" href="#high"><code class="Li">high</code></a></td>
+ <td>dominates all other labels</td>
+ </tr>
+</table>
+<p class="Pp">The &#x201C;<code class="Li">high</code>&#x201D; label is assigned
+ to system objects which affect the integrity of the system as a whole. The
+ &#x201C;<code class="Li">equal</code>&#x201D; label may be used to indicate
+ that a particular subject or object is exempt from the LOMAC protections.
+ For example, a label of
+ &#x201C;<code class="Li">lomac/equal(equal-equal)</code>&#x201D; might be
+ used on a subject which is to be used to administratively relabel anything
+ on the system.</p>
+<p class="Pp">Almost all system objects are tagged with a single, active label
+ element, reflecting the integrity of the object, or integrity of the data
+ contained in the object. File system objects may contain an additional
+ auxiliary label which determines the inherited integrity level for new files
+ created in a directory or the alternate label assumed by the subject upon
+ execution of an executable. In general, objects labels are represented in
+ the following form:</p>
+<p class="Pp"></p>
+<div class="Bd
+ Bd-indent"><code class="Li">lomac/</code><var class="Ar">grade</var>[<var class="Ar">auxgrade</var>]</div>
+<p class="Pp">For example:</p>
+<div class="Bd Pp Bd-indent Li">
+<pre>lomac/10[2]
+lomac/low</pre>
+</div>
+<p class="Pp">Subject labels consist of three label elements: a single (active)
+ label, as well as a range of available labels. This range is represented
+ using two ordered LOMAC label elements, and when set on a process, permits
+ the process to change its active label to any label of greater or equal
+ integrity to the low end of the range, and lesser or equal integrity to the
+ high end of the range. In general, subject labels are represented in the
+ following form:</p>
+<p class="Pp"></p>
+<div class="Bd
+ Bd-indent"><code class="Li">lomac/</code><var class="Ar">singlegrade</var>(<var class="Ar">lograde</var><span class="No">-</span><var class="Ar">higrade</var></div>
+)
+<p class="Pp">Modification of objects is restricted to access via the following
+ comparison:</p>
+<p class="Pp"></p>
+<div class="Bd
+ Bd-indent"><var class="Ar">subject</var>::<var class="Ar">higrade</var>
+ <span class="No">&#x2265;</span>
+ <var class="Ar">target-object</var>::<var class="Ar">grade</var></div>
+<p class="Pp">Modification of subjects is the same, as the target subject's
+ single grade is the only element taken into comparison.</p>
+<p class="Pp">Demotion of a subject occurs when the following comparison is
+ true:</p>
+<p class="Pp"></p>
+<div class="Bd
+ Bd-indent"><var class="Ar">subject</var>::<var class="Ar">singlegrade</var>
+ <span class="No">&gt;</span>
+ <var class="Ar">object</var>::<var class="Ar">grade</var></div>
+<p class="Pp">When demotion occurs, the subject's
+ <var class="Ar">singlegrade</var> and <var class="Ar">higrade</var> are
+ reduced to the object's grade, as well as the <var class="Ar">lograde</var>
+ if necessary. When the demotion occurs, in addition to the permission of the
+ subject being reduced, shared <a class="Xr">mmap(2)</a> objects which it has
+ opened in its memory space may be revoked according to the following
+ <a class="Xr">sysctl(3)</a> variables:</p>
+<p class="Pp"></p>
+<ul class="Bl-bullet Bl-compact">
+ <li id="security.mac.lomac.revocation_enabled"><var class="Va">security.mac.lomac.revocation_enabled</var></li>
+ <li id="security.mac.enforce_vm"><var class="Va">security.mac.enforce_vm</var></li>
+ <li id="security.mac.mmap_revocation"><var class="Va">security.mac.mmap_revocation</var></li>
+ <li id="security.mac.mmap_revocation_via_cow"><var class="Va">security.mac.mmap_revocation_via_cow</var></li>
+</ul>
+<p class="Pp">Upon execution of a file, if the executable has an auxiliary
+ label, and that label is within the current range of
+ <var class="Ar">lograde</var>-<var class="Ar">higrade</var>, it will be
+ assumed by the subject immediately. After this, demotion is performed just
+ as with any other read operation, with the executable as the target. Through
+ the use of auxiliary labels, programs may be initially executed at a lower
+ effective integrity level, while retaining the ability to raise it
+ again.</p>
+<p class="Pp">These rules prevent subjects of lower integrity from influencing
+ the behavior of higher integrity subjects by preventing the flow of
+ information, and hence control, from allowing low integrity subjects to
+ modify either a high integrity object or high integrity subjects acting on
+ those objects. LOMAC integrity policies may be appropriate in a number of
+ environments, both from the perspective of preventing corruption of the
+ operating system, and corruption of user data if marked as higher integrity
+ than the attacker.</p>
+<p class="Pp">The LOMAC security model is quite similar to that of
+ <a class="Xr">mac_biba(4)</a> and <a class="Xr">mac_mls(4)</a> in various
+ ways. More background information on this can be found in their respective
+ man pages.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
+ ALSO</a></h1>
+<p class="Pp"><a class="Xr">mmap(2)</a>, <a class="Xr">sysctl(3)</a>,
+ <a class="Xr">mac(4)</a>, <a class="Xr">mac_biba(4)</a>,
+ <a class="Xr">mac_bsdextended(4)</a>, <a class="Xr">mac_ddb(4)</a>,
+ <a class="Xr">mac_ifoff(4)</a>, <a class="Xr">mac_mls(4)</a>,
+ <a class="Xr">mac_none(4)</a>, <a class="Xr">mac_partition(4)</a>,
+ <a class="Xr">mac_portacl(4)</a>, <a class="Xr">mac_seeotheruids(4)</a>,
+ <a class="Xr">mac_test(4)</a>, <a class="Xr">mac(9)</a></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1>
+<p class="Pp">The <code class="Nm">mac_lomac</code> policy module first appeared
+ in <span class="Ux">FreeBSD 5.0</span> and was developed by the TrustedBSD
+ Project.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1>
+<p class="Pp">This software was contributed to the
+ <span class="Ux">FreeBSD</span> Project by Network Associates Labs, the
+ Security Research Division of Network Associates Inc. under DARPA/SPAWAR
+ contract N66001-01-C-8035 (&#x201C;CBOSS&#x201D;), as part of the DARPA
+ CHATS research program.</p>
+</section>
+</div>
+<table class="foot">
+ <tr>
+ <td class="foot-date">February 25, 2012</td>
+ <td class="foot-os">FreeBSD 15.0</td>
+ </tr>
+</table>
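Review bot: The subject-label form in the DESCRIPTION section is malformed markup: the closing parenthesis sits outside its `<div class="Bd Bd-indent">`, so the rendered form reads `lomac/singlegrade(lograde-higrade` inside the indented block with a stray `)` on the following line outside it. Move the parenthesis inside the div, i.e. the pair of lines
`+ Bd-indent"><code class="Li">lomac/</code><var class="Ar">singlegrade</var>(<var class="Ar">lograde</var><span class="No">-</span><var class="Ar">higrade</var></div>`
`+)`
should end with `<var class="Ar">higrade</var>)</div>` and drop the bare `)` line. Two further points in the same hunk: the new path `static/freebsd/man4/mac_lomac.4 3.html` contains a space and a ` 3` suffix that is not part of the page's own name (the head table reads MAC_LOMAC(4)), which looks like a duplicate-download artifact and will need URL-encoding wherever the page is linked; and every `<a class="Xr">` cross-reference (`mmap(2)`, `sysctl(3)`, `mac(4)`, `mac_biba(4)`, `mac_mls(4)` and the rest of SEE ALSO) has no `href`, so the references render as plain text rather than links. If the HTML is regenerated from the mdoc source, "hierarchal" in the grade-field sentence should also read "hierarchical".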