sensitivefilesystemobject

filesystemobject  时间:2021-04-03  阅读:()
1TheSimplifiedMandatoryAccessControlKernelCaseySchauflercasey@schaufler-ca.
comMandatoryAccessControlComputersystemsemployavarietyofschemestoconstrainhowinformationissharedamongthepeopleandservicesusingthemachine.
Someoftheseschemesallowtheprogramorusertodecidewhatotherprogramsorusersareallowedaccesstopiecesofdata.
Theseschemesarecalleddiscretionaryaccesscontrolmechanismsbecausetheaccesscontrolisspecifiedatthediscretionoftheuser.
Otherschemesdonotleavethedecisionregardingwhatauserorprogramcanaccessuptousersorprograms.
Theseschemesarecalledmandatoryaccesscontrolmechanismsbecauseyoudon'thaveachoiceregardingtheusersorprogramsthathaveaccesstopiecesofdata.
Bell&LaPadulaFromthemiddleofthe1980'suntiltheturnofthecenturyMandatoryAccessControl(MAC)wasverycloselyassociatedwiththeBell&LaPadulasecuritymodel,amathematicaldescriptionoftheUnitedStatesDepartmentofDefensepolicyformarkingpaperdocuments.
MACinthisformenjoyedafollowingwithintheCapitalBeltwayandScandinaviansupercomputercentersbutwasoftensitedasfailingtoaddressgeneralneeds.
DomainTypeEnforcementAroundtheturnofthecenturyDomainTypeEnforcement(DTE)becamepopular.
Thisschemeorganizesusers,programs,anddataintodomainsthatareprotectedfromeachother.
ThisschemehasbeenwidelydeployedasacomponentofpopularLinuxdistributions.
Theadministrativeoverheadrequiredtomaintainthisschemeandthedetailedunderstandingofthewholesystemnecessarytoprovideasecuredomainmappingleadstotheschemebeingdisabledorusedinlimitedwaysinthemajorityofcases.
SmackSmackisaMandatoryAccessControlmechanismdesignedtoprovideusefulMACwhileavoidingthepitfallsofitspredecessors.
ThelimitationsofBell&LaPadulaareaddressedbyprovidingaschemewherebyaccesscanbecontrolledaccordingtotherequirementsofthesystemanditspurposeratherthanthoseimposedbyanarcanegovernmentpolicy.
ThecomplexityofDomainTypeEnforcementandavoidedbydefiningaccesscontrolsintermsoftheaccessmodesalreadyinuse.
2SmackTerminologyThejargonusedtotalkaboutSmackwillbefamiliartothosewhohavedealtwithotherMACsystemsandshouldn'tbetoodifficultfortheuninitiatedtopickup.
Therearefourtermsthatareusedinaspecificwayandthatareespeciallyimportant:Subject:Asubjectisanactiveentityonthecomputersystem.
OnSmackasubjectisatask,whichisinturnthebasicunitofexecution.
Object:Anobjectisapassiveentityonthecomputersystem.
OnSmackfilesofalltypes,IPC,andtaskscanbeobjects.
Access:Anyattemptbyasubjecttoputinformationintoorgetinformationfromanobjectisanaccess.
Label:DatathatidentifiestheMandatoryAccessControlcharacteristicsofasubjectoranobject.
Thesedefinitionsareconsistentwiththetraditionaluseinthesecuritycommunity.
TherearealsosometermsfromLinuxthatarelikelytocropup:Capability:Ataskthatpossessesacapabilityhaspermissiontoviolateanaspectofthesystemsecuritypolicy,asidentifiedbythespecificcapability.
Ataskthatpossessesoneormorecapabilitiesisaprivilegedtask,whereasataskwithnocapabilitiesisanunprivilegedtask.
Privilege:Ataskthatisallowedtoviolatethesystemsecuritypolicyissaidtohaveprivilege.
Asofthiswritingataskcanhaveprivilegeeitherbypossessingcapabilitiesorbyhavinganeffectiveuserofroot.
SmackBasicsSmackisanextensiontoaLinuxsystem.
Itenforcesadditionalrestrictionsonwhatsubjectscanaccesswhichobjects,basedonthelabelsattachedtoeachofthesubjectandtheobject.
LabelsSmacklabelsareASCIIcharacterstrings,onetotwenty-threecharactersinlength.
Singlecharacterlabelsusingspecialcharacters,thatbeinganythingotherthanaletterordigit,arereservedforusebytheSmackdevelopmentteam.
Smacklabelsareunstructured,casesensitive,andtheonlyoperationeverperformedonthemiscomparisonforequality.
Therearesomepredefinedlabels:_Pronounced"floor",asingleunderscorecharacter.
^Pronounced"hat",asinglecircumflexcharacter.
*Pronounced"star",asingleasteriskcharacter.
Pronounced"huh",asinglequestionmarkcharacter.
3EverytaskonaSmacksystemisassignedalabel.
Systemtasks,suchasinit(8)andsystemsdaemons,arerunwiththefloor("_")label.
Usertasksareassignedlabelsaccordingtothespecificationfoundinthe/etc/smack/userconfigurationfile.
AccessRulesSmackusesthetraditionalaccessmodesofLinux.
Thesemodesareread,execute,write,andoccasionallyappend.
Thereareafewcaseswheretheaccessmodemaynotbeobvious.
Theseinclude:Signals:Asignalisawriteoperationfromthesubjecttasktotheobjecttask.
InternetDomainIPC:Transmissionofapacketisconsideredawriteoperationfromthesourcetasktothedestinationtask.
Smackrestrictsaccessbasedonthelabelattachedtoasubjectandthelabelattachedtotheobjectitistryingtoaccess.
Therulesenforcedare,inorder:1.
Anyaccessrequestedbyatasklabeled"*"isdenied.
2.
Areadorexecuteaccessrequestedbyatasklabeled"^"ispermitted.
3.
Areadorexecuteaccessrequestedonanobjectlabeled"_"ispermitted.
4.
Anyaccessrequestedonanobjectlabeled"*"ispermitted.
5.
Anyaccessrequestedbyataskonanobjectwiththesamelabelispermitted.
6.
Anyaccessrequestedthatisexplicitlydefinedintheloadedrulesetispermitted.
7.
Anyotheraccessisdenied.
InFigure1auserbarneyhasbeenassignedtheSmacklabelRubble.
Thisusercanreadorexecutethefloorlabeledsystemprogramsanddata.
Hecanalsoreadfromandwritetothespecialdevice/dev/null,whichhasthestarlabel.
SystemprocessesrunningwiththefloorlabeldonothaveanyaccesstoBarney'sdata.
Asystemprocessrunningwiththehatlabelisallowedreadaccesstotheuser'sdatabutnotwriteaccess.
4Figure1–BasicSmackAccessPolicyWiththebasicrulessystemtasksrunningwiththefloorlabelareprotectedfromuserprocessesrunningwithotherlabels.
Figure2demonstratestheaccessesallowedwhentwouserlabelsareinuse.
InthisexampletheJavalabeledtaskcanreadandwritetheJavalabeleddata,theMP3labeledtaskhasreadandwriteaccesstotheMP3labeleddata,whilethesystemfloorlabeledtaskhasthesameaccesstoitsfloorlabeleddata.
BoththeJavaandMP3taskshavereadaccesstothefloorsystemdata.
Thetwousertaskshavenoaccesstoeachother'sdata.
_/,/bin,/bin/sh*/dev/nullRubble~barney*^Rubble_5Figure2-BasicUserLabelInteractionsSmackAccessRulesWiththeisolationprovidedbySmackaccessseparationissimple.
Therearemanyinterestingcaseswherelimitedaccessbysubjectstoobjectswithdifferentlabelsisdesired.
Oneexampleisthefamiliarspymodelofsensitivity,whereascientistworkingonahighlyclassifiedprojectwouldbeabletoreaddocumentsoflowerclassificationsandanythingshewriteswillbe"born"highlyclassified.
ToaccommodatesuchschemesSmackincludesamechanismforspecifyingrulesallowingaccessbetweenlabels.
AccessRuleFormatTheformatofanaccessruleis:subject-labelobject-labelaccessWheresubject-labelistheSmacklabelofthetask,object-labelistheSmacklabelofthethingbeingaccessed,andaccessisastringspecifyingthesortofaccessallowed.
TheSmacklabelsarelimitedto23characters.
Theaccessspecificationissearchedforlettersthatdescribeaccessmodes:a:indicatesthatappendaccessshouldbegranted.
r:indicatesthatreadaccessshouldbegranted.
w:indicatesthatwriteaccessshouldbegranted.
x:indicatesthatexecuteaccessshouldbegranted.
Accessmodespecificationscanbeinanyorder.
Examplesofacceptablerulesare:TopSecretSecretrxSystemDataJavaSandboxMP3DataSystemProcessJavaProcessMP3Process6SecretUnclassrManagerGamexUserHRwNewOldrRrrrClosedOff-Examplesofunacceptablerulesare:TopSecretSecretrxTS/Alpha,OmegaOverloardrxAceAcerOddspellswaxbeansSpacesarenotallowedinlabels.
Theslashcharacter"/"isnotallowedinlabels.
Sinceasubjectalwayshasaccesstofileswiththesamelabelspecifyingaruleforthatcaseispointless.
Lettersthatdonotspecifylegitimateaccessmodesarenotallowed.
ApplyingAccessRulesThedevelopersofLinuxrarelydefinenewsortsofthings,usuallyimportingschemesandconceptsfromothersystems.
Mostoften,theothersystemsarevariantsofUnix.
Unixhasmanyendearingproperties,butconsistencyofaccesscontrolmodelsisnotoneofthem.
Smackstrivestotreataccessesasuniformlyasissensiblewhilekeepingwiththespiritoftheunderlyingmechanism.
Filesystemobjectsincludingfiles,directories,namedpipes,symboliclinks,anddevicesrequireaccesspermissionsthatcloselymatchthoseusedbymodebitaccess.
Toopenafileforreadingreadaccessisrequiredonthefile.
Tosearchadirectoryrequiresexecuteaccess.
Creatingafilewithwriteaccessrequiresbothreadandwriteaccessonthecontainingdirectory.
Deletingafilerequiresreadandwriteaccesstothefileandtothecontainingdirectory.
Itispossiblethatausermaybeabletoseethatafileexistsbutnotanyofitsattributesbythecircumstanceofhavingreadaccesstothecontainingdirectorybutnottothedifferentlylabeledfile.
Thisisanartifactofthefilenamebeingdatainthedirectory,notapartofthefile.
IPCobjects,messagequeues,semaphoresets,andmemorysegmentsexistinflatnamespacesandaccessrequestsareonlyrequiredtomatchtheobjectinquestion.
ProcessobjectsreflecttasksonthesystemandtheSmacklabelusedtoaccessthemisthesameSmacklabelthatthetaskwoulduseforitsownaccessattempts.
Sendingasignalviathekill()systemcallisawriteoperationfromthesignalertotherecipient.
Debuggingaprocessrequiresbothreadingandwriting.
CreatinganewtaskisaninternaloperationthatresultsintwotaskswithidenticalSmacklabelsandrequiresnoaccesschecks.
7Socketsaredatastructuresattachedtoprocessesandsendingapacketfromoneprocesstoanotherrequiresthatthesenderhavewriteaccesstothereceiver.
Thereceiverisnotrequiredtohavereadaccesstothesender.
SettingAccessRulesTheconfigurationfile/etc/smack/accessescontainstherulestobesetatsystemstartup.
Thecontentsarewrittentothespecialfile/smack/load.
Rulescanbewrittento/smack/loadatanytimeandtakeeffectimmediately.
Foranypairofsubjectandobjectlabelstherecanbeonlyonerule,withthemostrecentlyspecifiedoverridinganyearlierspecification.
Inordertoensurethatrulesarewrittenproperlyaprogramsmackloadisprovided.
TaskAttributeTheSmacklabelofaprocesscanbereadfrom/proc//attr/current.
AprocesscanreaditsownSmacklabelfrom/proc/self/attr/current.
AprivilegedprocesscanchangeitsownSmacklabelbywritingto/proc/self/attr/currentbutnotthelabelofanotherprocess.
FileAttributeTheSmacklabelofafilesystemobjectisstoredasanextendedattributenamedSMACK64onthefile.
Thisattributeisinthesecuritynamespace.
Itcanonlybechangedbyaprocesswithprivilege.
PrivilegeTherearetwocapabilitiesusedexplicitlybySmack.
CAP_MAC_ADMINallowsaprocesstoperformadministrativefunctionssuchasloadingaccessrules.
CAP_MAC_OVERRIDEexemptsaprocessfromallaccesscontrolrules.
SmackNetworkingAsmentionedbefore,Smackenforcesaccesscontrolonnetworkprotocoltransmissions.
UsuallyapacketsentbyaSmackprocessistaggedwithitsSmacklabel,howeverpacketsthatwouldgettheambientlabelaresentwithoutatag.
ThisisdonebyaddingaCIPSOtagtotheheaderoftheIPpacket.
EachpacketreceivedisexpectedtohaveaCIPSOtagthatidentifiesthelabelandifitlackssuchatagthenetworkambientlabelisassumed.
Beforethepacketisdeliveredacheckismadetodeterminethatasubjectwiththelabelonthepackethaswriteaccesstothereceivingprocessandifthatisnotthecasethepacketisdropped.
CIPSOConfigurationItisnormallyunnecessarytospecifytheCIPSOconfiguration.
Thedefaultvaluesusedbythesystemhandleallinternalcases.
SmackwillcomposeCIPSOlabelvaluestomatchtheSmacklabelsbeingusedwithoutadministrativeintervention.
Unlabeled8packetsthatcomeintothesystemwillbegiventheambientlabel,andoutgoingpacketsthatwouldgettheambientlabelaresentunlabeled.
SmackrequiresconfigurationinthecasewherepacketsfromasystemthatisnotSmackthatspeaksCIPSOmaybeencountered.
UsuallythiswillbeaTrustedSolarissystem,butthereareother,lesswidelydeployedsystemsoutthere.
CIPSOprovides3importantvalues,aDomainOfInterpretation(DOI),alevel,andacategorysetwitheachpacket.
TheDOIisintendedtoidentifyagroupofsystemsthatusecompatiblelabelingschemes,andtheDOIspecifiedonthesmacksystemmustmatchthatoftheremotesystemorpacketswillbediscarded.
TheDOIis3bydefault.
Thevaluecanbereadfrom/smack/doiandcanbechangedbywritingto/smack/doi.
ThelabelandcategorysetaremappedtoaSmacklabelasdefinedin/etc/smack/cipso.
ASmack/CIPSOmappinghastheform:smacklevel[category[category]…]Smackdoesnotexpectthelevelorcategorysetstoberelatedinanyparticularwayanddoesnotassumeorassignaccessesbasedonthem.
Someexamplesofmappings:TopSecret7TS:A,B712SecBDE546RAFTERS71226The":"and","charactersarepermittedinaSmacklabelbuthavenospecialmeaning.
ThemappingofSmacklabelstoCIPSOvaluesisdefinedbywritingto/smack/cipso,andtoensurecorrectformattingtheprogramsmackcipsoisprovided.
InadditiontoexplicitmappingsSmacksupportsdirectCIPSOmappings.
OneCIPSOlevelisusedtoindicatethatthecategorysetpassedinthepacketisinfactanencodingoftheSmacklabel.
Thelevelusedis250bydefault.
Thevaluecanbereadfrom/smack/directandchangedbywritingto/smack/direct.
SocketAttributesTherearetwoattributesthatareassociatedwithsockets.
Theseattributescanonlybesetbyprivilegedtasks,butanytaskcanreadthemfortheirownsockets.
SMACK64IPIN:TheSmacklabelofthetaskobject.
Aprivilegedprogramthatwillenforcepolicymaysetthistothestarlabel.
9SMACK64IPOUT:TheSmacklabeltransmittedwithoutgoingpackets.
Aprivilegedprogrammaysetthistomatchthelabelofanothertaskwithwhichithopestocommunicate.
PacketAttributesTheSmacklabelthatcamewithanetworkpacketisobtaineddifferentlydependingonthetypeofsocketinvolved.
Onlyaprivilegedprocesswilleverneedtodothis,andthenonlyifitistrustedtoenforcetheSmackaccesscontrolrules.
ForaUDSsocketthelabelwillmatchthatofthefilesystemobject.
Itcanbeobtainedbycallingfgetxattr(sock,"security.
SMACK64",…).
ThelabelofaTCPconnectioncanbeobtainedbycallinggetsockopt(sock,SOL_SOCKET,SO_PEERSEC,…)ThelabelusedbyaprocessshouldneverchangeduringaTCPsession.
Itrequiresprivilegetodosoandaprogramthatchangeslabelsmustdosowithaccesscontrolinmind.
ThelabelofindividualUDPpacketsmustbedealtwithastheycomein,becausethereisnoconnectionnegotiatedbetweenthetasks.
Aprogramthatwantstodealwithincomingpacketsatmultiplelabelsfirstneedstocallsetsockopt(sock,SOL_IP,IP_PASSSEC,…)andthenparsethemessageheaderswitheachpacketreceived.
Thefunctionsmackrecvmsg()isavailabletoprovidetheparsing.
Itcanbeusedinsteadofrecvmsg().
WritingApplicationsforSmackTherearethreesortsofapplicationsthatwillrunonaSmacksystem.
HowanapplicationinteractswithSmackwilldeterminewhatitwillhavetodotoworkproperlyunderSmack.
SmackIgnorantApplicationsByfarthemajorityofapplicationshavenoreasonwhatevertocareabouttheuniquepropertiesofSmack.
SinceinvokingaprogramhasnoimpactontheSmacklabelassociatedwiththeprocesstheonlyconcernlikelytoariseiswhethertheprocesshasexecuteaccesstotheprogram.
10SmackRelevantApplicationsSomeprogramscanbeimprovedbyteachingthemaboutSmack,butdonotmakeanysecuritydecisionsthemselves.
Theutilityls(1)isoneexampleofsuchaprogram.
SmackEnforcingApplicationsThesearespecialprogramsthatnotonlyknowaboutSmack,butparticipateintheenforcementofsystempolicy.
Inmostcasesthesearetheprogramsthatsetupusersessions.
Therearealsonetworkservicesthatprovideinformationtoprocessesrunningwithvariouslabels.
FileSystemInterfacesSmackmaintainslabelsonfilesystemobjectsusingextendedattributes.
TheSmacklabelofafile,directory,orotherfilesystemobjectcanbeobtainedusinggetxattr(2).
getxattr("/","security.
SMACK64",value,sizeof(value));willputtheSmacklabeloftherootdirectoryintovalue.
AprivilegedprocesscansettheSmacklabelofafilesystemobjectwithsetxattr(2).
rc=setxattr("/foo","security.
SMACK64","Rubble",strlen("Rubble"),0);ThiswillsettheSmacklabelof/footoRubbleiftheprogramhasappropriateprivilege.
SocketInterfacesThesocketattributescanbereadusingfgetxattr(2).
AprivilegedprocesscansettheSmacklabelofoutgoingpacketswithfsetxattr(2).
rc=fsetxattr(fd,"security.
SMACK64IPOUT","Rubble",strlen("Rubble"),0);ThiswillsettheSmacklabel"Rubble"onpacketsgoingoutfromthesocketiftheprogramhasappropriateprivilege.
rc=fsetxattr(fd,"security.
SMACK64IPIN,"*",strlen("*"),0);ThiswillsettheSmacklabel"*"astheobjectlabelagainstwhichincomingpacketswillbecheckediftheprogramhasappropriateprivilege.
11AdministrationSmacksupportssomemountoptions:smackfsdef=label:specifiesthelabeltogivefilesthatlacktheSmacklabelextendedattribute.
smackfsroot=label:specifiesthelabeltoassigntherootofthefilesystemifitlackstheSmackextendedattribute.
smackfshat=label:specifiesalabelthatmusthavereadaccesstoalllabelssetonthefilesystem.
Notyetenforced.
smackfsfloor=label:specifiesalabeltowhichalllabelssetonthefilesystemmusthavereadaccess.
Notyetenforced.
ThesemountoptionsapplytoallfilesystemtypeswiththecurrentexceptionofNFS.

酷番云-618云上秒杀,香港1核2M 29/月,高防服务器20M 147/月 50M 450/月,续费同价!

官方网站:点击访问酷番云官网活动方案:优惠方案一(限时秒杀专场)有需要海外的可以看看,比较划算29月,建议年付划算,月付续费不同价,这个专区。国内节点可以看看,性能高IO为主, 比较少见。平常一般就100IO 左右。优惠方案二(高防专场)高防专区主要以高防为主,节点有宿迁,绍兴,成都,宁波等,节点挺多,都支持防火墙自助控制。续费同价以下专场。 优惠方案三(精选物理机)西南地区节点比较划算,赠送5...

硅云香港CN2+BGP云主机仅188元/年起(香港云服务器专区)

硅云怎么样?硅云是一家专业的云服务商,硅云的主营产品包括域名和服务器,其中香港云服务器、香港云虚拟主机是非常受欢迎的产品。硅云香港可用区接入了中国电信CN2 GIA、中国联通直连、中国移动直连、HGC、NTT、COGENT、PCCW在内的数十家优质的全球顶级运营商,是为数不多的多线香港云服务商之一。目前,硅云香港云服务器,CN2+BGP线路,1核1G香港云主机仅188元/年起,域名无需备案,支持个...

香港服务器多少钱一个月?香港云服务器最便宜价格

香港服务器多少钱一个月?香港服务器租用配置价格一个月多少,现在很多中小型企业在建站时都会租用香港服务器,租用香港服务器可以使网站访问更流畅、稳定性更好,安全性会更高等等。香港服务器的租用和其他地区的服务器租用配置元素都是一样的,那么为什么香港服务器那么受欢迎呢,香港云服务器最便宜价格多少钱一个月呢?阿里云轻量应用服务器最便宜的是1核1G峰值带宽30Mbps,24元/月,288元/年。不过我们一般选...

filesystemobject为你推荐
网罗设计网络工程是什么啊?毕业后能干什么工作啊?2020双十一成绩单2020年河南全县初二期末成绩排名?微信回应封杀钉钉微信违规操作被封了,www.20ren.com求此欧美艳星名字http://www.sqsmm.com/index.php?album-read-id-1286.html7788k.com以前有个网站是7788MP3.com后来改成KK130现在又改网站域名了。有知道现在是什么域名么?rawtools照片上面的RAW是什么意思,为什么不能到PS中去编辑罗伦佐娜米开朗琪罗简介seo优化工具想找一个效果好的SEO优化软件使用,在网上找了几款不知道哪款好,想请大家帮忙出主意,用浙江哪款软件效果好www.585ccc.com手机ccc认证查询,求网址杨丽晓博客明星的最新博文
重庆vps租用 个人域名备案流程 什么是二级域名 132邮箱 qq云存储 kvmla yardvps vmsnap3 paypal认证 回程路由 parseerror patcha 华为网络硬盘 40g硬盘 idc是什么 免费防火墙 中国电信测网速 天翼云盘 根服务器 新加坡空间 更多