LoMAC module: cannot get clearance level revoked



Hello Almighty All,

I am trying to get the LoMAC module to revoke a user's privileges. In my test
setup, the user with a higher clearance tries to open a lower clearance file
for reading. After that the process label of the user's process is checked.
As a final test, the user's process tries to write to a file with the higher
integrity label. And he succeeds.

Please find my test setup including the test program below. I will be
grateful for any advice you may have. I am using FreeBSD 6.1. All MAC stuff is
enabled, the corresponding module is loaded, and the other models were evaluated
(Biba, MLS, combo).

Thanks,
Kirill

=== TEST PROGRAM ===
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/mac.h>

/* Print the MAC label of a file as text. */
void printfilelabel(const char *fname) {
    mac_t filelabel;
    char *buf;
    if ( 0 != mac_prepare_file_label( &filelabel ) ) {
        fprintf( stderr, "printfilelabel(%s): failed to prepare label\n", fname );
        exit( -1 );
    }
    if ( 0 != mac_get_file( fname, filelabel ) ) {
        fprintf( stderr, "printfilelabel(%s): failed to get label\n", fname );
        exit( -1 );
    }
    if ( 0 != mac_to_text( filelabel, &buf ) ) {
        fprintf( stderr, "printfilelabel(%s): failed to convert label\n", fname );
        exit( -1 );
    }
    printf( "\tfilelabel(%s) is %s\n", fname, buf );
    free( buf );
    mac_free( filelabel );
}

/* Print the MAC label of the current process as text. */
void printmylabel(void) {
    mac_t mylabel;
    char *buf;
    if ( 0 != mac_prepare_process_label( &mylabel ) ) {
        fprintf( stderr, "printmylabel: failed to prepare label\n" );
        exit( -1 );
    }
    if ( 0 != mac_get_proc( mylabel ) ) {
        fprintf( stderr, "printmylabel: failed to get label\n" );
        exit( -1 );
    }
    if ( 0 != mac_to_text( mylabel, &buf ) ) {
        fprintf( stderr, "printmylabel: failed to convert label\n" );
        exit( -1 );
    }
    printf( "\tMy label is %s\n", buf );
    free( buf );
    mac_free( mylabel );
}

/* argv[1]: file with the lower label, opened for reading;
 * argv[2]: file with the higher label, then opened for writing. */
int main(int argc, char **argv) {
    if ( argc != 3 ) return -1;
    printmylabel();
    printfilelabel( argv[1] );
    printf( "Try to open %s for reading...\n", argv[1] );
    FILE *f = fopen( argv[1], "r" );
    if ( f ) {
        /*printf( "Boo! read by lomac/high!\n" );*/
        printf( "Open for reading succeeded for %s\n", argv[1] );
        printmylabel();
        printfilelabel( argv[1] );
        fclose( f );
        f = NULL;
        printmylabel();
        printfilelabel( argv[2] );
        printf( "Try to open %s for writing\n", argv[2] );
        f = fopen( argv[2], "w" );
        if ( f ) {
            printmylabel();
            printf( "Succeeded in opening %s for writing\n", argv[2] );
            printfilelabel( argv[2] );
            fclose( f );

            printfilelabel( argv[2] );
            printmylabel();
        }
        else {
            printf( "Unable to open %s for writing!\n", argv[2] );
        }
    }
    else {
        printf( "Unable to open %s for reading!\n", argv[1] );
    }
    return 0;
}
=== END OF TEST PROGRAM ===
=== TWO TEST FILES ===
The program was run like this:

./lomactest testlow test

and the files had these labels:

testlow: lomac/low
test: lomac/high

=== END OF TWO TEST FILES ===
=== LOGIN CLASS ===
lmsecure:\
	:copyright=/etc/COPYRIGHT:\
	:welcome=/etc/motd:\
	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
	:path=~/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:\
	:manpath=/usr/share/man /usr/local/man:\
	:nologin=/usr/sbin/nologin:\
	:cputime=1h30m:\
	:datasize=8M:\
	:vmemoryuse=100M:\
	:stacksize=2M:\
	:memorylocked=4M:\
	:memoryuse=8M:\
	:filesize=8M:\
	:coredumpsize=8M:\
	:openfiles=24:\
	:maxproc=32:\
	:priority=0:\
	:requirehome:\
	:passwordtime=91d:\
	:umask=022:\
	:ignoretime@:\
	:label=lomac/high(high-high):

=== END OF LOGIN CLASS ===
=== PROGRAM RUN RESULT ===
My label is lomac/high(high-high)
filelabel(testlow) is lomac/low
Try to open testlow for reading...
Open for reading succeeded for testlow
My label is lomac/high(high-high)
filelabel(testlow) is lomac/low
My label is lomac/high(high-high)
filelabel(test) is lomac/high
Try to open test for writing
My label is lomac/high(high-high)
Succeeded in open test for writing
filelabel(test) is lomac/high
filelabel(test) is lomac/high
My label is lomac/high(high-high)

=== END OF PROGRAM RUN RESULT ===
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
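Editor's note on the test itself: the program above opens testlow and closes it again without ever calling read(2) on it, so nothing in the run exercises a read of lower-integrity data. The following is an added example, not code from the original post and not part of the FreeBSD tree: it repeats the experiment with a real read through fread() before re-fetching the process label, and it carries a small parser for the label text that mac_to_text(3) prints (e.g. "lomac/high(high-high)") so the outcome LoMAC's integrity rules call for can be computed from the label strings. Assumptions, to be checked against mac_lomac(4) on the running system: grades order as low < numeric < high with "equal" matching everything, compartments (the "10:2+3" form) are not handled, and demotion is driven by the read rather than the open. The mac(3) calls are the ones used by the original program; that part is compiled only on FreeBSD, the parser and rule functions build anywhere.

```c
/* Added example, not from the original post: the LoMAC read test with a real read(2). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Grade ordering assumed for mac_lomac(4): low < numeric < high; "equal" both dominates
 * and is dominated by every grade. Compartments ("10:2+3") are not handled (assumption). */
enum lomac_kind { LK_LOW, LK_GRADE, LK_HIGH, LK_EQUAL, LK_INVALID };
struct lomac_grade { enum lomac_kind kind; long grade; };

static struct lomac_grade parse_grade(const char *s, size_t n)
{
    struct lomac_grade g = { LK_INVALID, 0 };
    char buf[16], *end;
    if (n == 0 || n >= sizeof buf) return g;
    memcpy(buf, s, n); buf[n] = '\0';
    if (strcmp(buf, "low") == 0) g.kind = LK_LOW;
    else if (strcmp(buf, "high") == 0) g.kind = LK_HIGH;
    else if (strcmp(buf, "equal") == 0) g.kind = LK_EQUAL;
    else if (isdigit((unsigned char)buf[0])) {
        g.grade = strtol(buf, &end, 10);
        if (*end == '\0' && g.grade <= 65535) g.kind = LK_GRADE;
    }
    return g;
}

/* Effective (single) grade of "lomac/<single>" or "lomac/<single>(<lo>-<hi>)", the form
 * mac_to_text(3) prints, e.g. "lomac/high(high-high)". The range is checked for shape
 * only. Returns 0 on success, -1 if the text is not a LoMAC label. */
int lomac_single(const char *text, struct lomac_grade *single)
{
    const char *p, *q;
    if (strncmp(text, "lomac/", 6) != 0) return -1;
    p = text + 6;
    q = p + strcspn(p, "(");
    *single = parse_grade(p, (size_t)(q - p));
    if (single->kind == LK_INVALID) return -1;
    if (*q == '(' && (q[strlen(q) - 1] != ')' || strchr(q, '-') == NULL)) return -1;
    return 0;
}

/* Does grade a dominate grade b (a is at least as trustworthy as b)? */
int lomac_dominates(struct lomac_grade a, struct lomac_grade b)
{
    if (a.kind == LK_EQUAL || b.kind == LK_EQUAL || a.kind == LK_HIGH) return 1;
    if (b.kind == LK_HIGH) return 0;
    if (a.kind == LK_LOW) return b.kind == LK_LOW;
    if (b.kind == LK_LOW) return 1;
    return a.grade >= b.grade;              /* both numeric */
}

/* Read rule: a subject reading an object whose label does not dominate its own is demoted
 * to the object's level. Write rule: allowed only when the subject dominates the object.
 * Both return 1/0 for the predicate, -1 if a label did not parse. */
int lomac_read_demotes(const char *subj, const char *obj)
{
    struct lomac_grade s, o;
    if (lomac_single(subj, &s) || lomac_single(obj, &o)) return -1;
    return lomac_dominates(o, s) ? 0 : 1;
}
int lomac_write_allowed(const char *subj, const char *obj)
{
    struct lomac_grade s, o;
    if (lomac_single(subj, &s) || lomac_single(obj, &o)) return -1;
    return lomac_dominates(s, o) ? 1 : 0;
}

#ifdef __FreeBSD__                          /* live test; needs the mac(3) library */
#include <sys/types.h>
#include <sys/mac.h>
/* Label text of a file, or of this process when fname is NULL; caller frees. */
static char *label_text(const char *fname)
{
    mac_t label; char *buf = NULL;
    if ((fname ? mac_prepare_file_label(&label) : mac_prepare_process_label(&label)) != 0)
        return NULL;
    if ((fname ? mac_get_file(fname, label) : mac_get_proc(label)) != 0 ||
        mac_to_text(label, &buf) != 0)
        buf = NULL;
    mac_free(label);
    return buf;
}

int main(int argc, char **argv)
{
    char chunk[64], *subj, *obj, *after;
    FILE *f;
    if (argc != 2) { fprintf(stderr, "usage: %s <low-integrity file>\n", argv[0]); return 2; }
    if ((subj = label_text(NULL)) == NULL || (obj = label_text(argv[1])) == NULL) return 1;
    printf("process %s, file %s: rule predicts %s on read\n", subj, obj,
           lomac_read_demotes(subj, obj) == 1 ? "demotion" : "no change");
    if ((f = fopen(argv[1], "r")) == NULL) { perror("fopen"); return 1; }
    fread(chunk, 1, sizeof chunk, f);       /* a real read(2); the original test never issued one */
    fclose(f);
    after = label_text(NULL);
    printf("process label after the read: %s\n", after ? after : "?");
    free(subj); free(obj); free(after);
    return 0;
}
#endif
```

Run it as the lmsecure user against testlow; if the second label line still shows lomac/high after bytes have actually been read, the problem lies in the module or its configuration rather than in the test, and the predicted/observed pair printed by the program is the thing to quote in a follow-up.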


