| mac_test.4 (115211) | mac_test.4 (115643) |
|---|---|
| 1.\" Copyright (c) 2002 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris Costello 5.\" at Safeport Network Services and Network Associates Laboratories, the 6.\" Security Research Division of Network Associates, Inc. under 7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 8.\" DARPA CHATS research program. --- 14 unchanged lines hidden (view full) --- 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" | 1.\" Copyright (c) 2002 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris Costello 5.\" at Safeport Network Services and Network Associates Laboratories, the 6.\" Security Research Division of Network Associates, Inc. under 7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 8.\" DARPA CHATS research program. --- 14 unchanged lines hidden (view full) --- 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" |
| 31.\" $FreeBSD: head/share/man/man4/mac_test.4 115211 2003-05-21 15:55:40Z ru $ 32.Dd DECEMBER 1, 2002 | 31.\" $FreeBSD: head/share/man/man4/mac_test.4 115643 2003-06-01 21:52:59Z ru $ 32.\" 33.Dd December 1, 2002 |
| 33.Os 34.Dt MAC_TEST 4 35.Sh NAME 36.Nm mac_test 37.Nd MAC framework testing policy 38.Sh SYNOPSIS 39To compile the testing policy 40into your kernel, place the following lines in your kernel 41configuration file: | 34.Os 35.Dt MAC_TEST 4 36.Sh NAME 37.Nm mac_test 38.Nd MAC framework testing policy 39.Sh SYNOPSIS 40To compile the testing policy 41into your kernel, place the following lines in your kernel 42configuration file: |
| 43.Bd -ragged -offset indent |
|
| 42.Cd "options MAC" 43.Cd "options MAC_TEST" | 44.Cd "options MAC" 45.Cd "options MAC_TEST" |
| 46.Ed |
|
| 44.Pp 45Alternately, to load the testing module at boot time, place the following line 46in your kernel configuration file: | 47.Pp 48Alternately, to load the testing module at boot time, place the following line 49in your kernel configuration file: |
| 50.Bd -ragged -offset indent |
|
| 47.Cd "options MAC" | 51.Cd "options MAC" |
| 52.Ed |
|
| 48.Pp 49and in 50.Xr loader.conf.5 : | 53.Pp 54and in 55.Xr loader.conf.5 : |
| 51.Cd mac_test_load= Ns \&"YES" | 56.Bd -literal -offset indent 57mac_test_load="YES" 58.Ed |
| 52.Sh DESCRIPTION 53The 54.Nm 55policy module implements a testing facility for the MAC framework. 56Among other things, 57.Nm 58will try to catch corrupt labels the system is attempting to destroy and 59drop to the debugger. --- 17 unchanged lines hidden (view full) --- 77.Xr mac_portacl 4 , 78.Xr mac_seeotheruids 4 , 79.Xr mac 9 80.Sh HISTORY 81The 82.Nm 83policy module first appeared in 84.Fx 5.0 | 59.Sh DESCRIPTION 60The 61.Nm 62policy module implements a testing facility for the MAC framework. 63Among other things, 64.Nm 65will try to catch corrupt labels the system is attempting to destroy and 66drop to the debugger. --- 17 unchanged lines hidden (view full) --- 84.Xr mac_portacl 4 , 85.Xr mac_seeotheruids 4 , 86.Xr mac 9 87.Sh HISTORY 88The 89.Nm 90policy module first appeared in 91.Fx 5.0 |
| 85and was developed by the TrustedBSD Project. | 92and was developed by the 93.Tn TrustedBSD 94Project. |
| 86.Sh AUTHORS 87This software was contributed to the 88.Fx 89Project by Network Associates Labs, 90the Security Research Division of Network Associates | 95.Sh AUTHORS 96This software was contributed to the 97.Fx 98Project by Network Associates Labs, 99the Security Research Division of Network Associates |
| 91Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), | 100Inc. under DARPA/SPAWAR contract N66001-01-C-8035 101.Pq Dq CBOSS , |
| 92as part of the DARPA CHATS research program. 93.Sh BUGS 94See 95.Xr mac 9 96concerning appropriateness for production use. | 102as part of the DARPA CHATS research program. 103.Sh BUGS 104See 105.Xr mac 9 106concerning appropriateness for production use. |
| 97The TrustedBSD MAC Framework is considered experimental in | 107The 108.Tn TrustedBSD 109MAC Framework is considered experimental in |
| 98.Fx . 99.Pp 100While the MAC Framework design is intended to support the containment of 101the root user, not all attack channels are currently protected by entry 102point checks. 103As such, MAC Framework policies should not be relied on, in isolation, 104to protect against a malicious privileged user. | 110.Fx . 111.Pp 112While the MAC Framework design is intended to support the containment of 113the root user, not all attack channels are currently protected by entry 114point checks. 115As such, MAC Framework policies should not be relied on, in isolation, 116to protect against a malicious privileged user. |