From: Borja Marcos (BORJAMARSARENET.ES)
Date: Wed May 03 2006 - 08:49:39 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

I've been looking at the different MAC modules available and how they
cold help to implement a less insecure than usual shared hosting web
server.

I've not been able to come up with a suitable configuration, looking
at mac_bsdextended, mac_biba and mac_mls, but I think that a MAC
module with the following policies could be very useful for such an
environment. Have I missed anything? Has something similar been done?

The module would (roughly) work as follows:

Defining security levels in a similar way to mac_mls or mac_biba,

we define a range of uids as sysctl variables to be used as
"compartiments". For example,

mac.mac_uids.lowuid
mac.mac_uids.highid

And it would be implemented so that:

Below a given security level, (mac.mac_uids.enforce_below)

- Any operation of a subject with uid x (between lowuid and highuid)
on an object with uid y (between lowuid and highuid) would fail.

- A subject with a given security level could not modify an object
with a higher security level.

This, combined with a chroot tree would (I think) be much better than
the typical solutions available. The webserver process would be
launched as a low-security subject, and it is assumed that it would
make a setuid() before launching a CGI process. And perhaps it
wouldn't be so hard to modify an existing webserver so that it
changed the uid when serving a page associated with a virtual server,
adding a uid parameter to virtual servers.

What do you think? Ideas? (This is only a quick and dirty idea)

Borja.

_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]