Module name: mac_biba.ko
Kernel configuration line: options MAC_BIBA
Boot option: mac_biba_load="YES"
The mac_biba(4) module loads the MAC Biba policy. This policy works much like that of the MLS policy with the exception that the rules for information flow are slightly reversed. This is said to prevent the downward flow of sensitive information whereas the MLS policy prevents the upward flow of sensitive information; thus, much of this section can apply to both policies.
In Biba environments, an “integrity” label is set on each subject or object. These labels are made up of hierarchal grades, and non-hierarchal components. As an object's or subject's grade ascends, so does its integrity.
Supported labels are biba/low
,
biba/equal
, and biba/high
;
as explained below:
The biba/low
label is considered the
lowest integrity an object or subject may have. Setting
this on objects or subjects will block their write access
to objects or subjects marked high. They still have read
access though.
The biba/equal
label should only be
placed on objects considered to be exempt from the
policy.
The biba/high
label will permit
writing to objects set at a lower label, but not
permit reading that object. It is recommended that this
label be placed on objects that affect the integrity of
the entire system.
Biba provides for:
Hierarchical integrity level with a set of non hierarchical integrity categories;
Fixed rules: no write up, no read down (opposite of MLS). A subject can have write access to objects on its own level or below, but not above. Similarly, a subject can have read access to objects on its own level or above, but not below;
Integrity (preventing inappropriate modification of data);
Integrity levels (instead of MLS sensitivity levels).
The following sysctl
tunables can
be used to manipulate the Biba policy.
security.mac.biba.enabled
may be used
to enable/disable enforcement of the Biba policy on the
target machine.
security.mac.biba.ptys_equal
may be
used to disable the Biba policy on pty(4)
devices.
security.mac.biba.revocation_enabled
will force the revocation of access to objects if the label
is changed to dominate the subject.
To access the Biba policy setting on system objects, use
the setfmac
and getfmac
commands:
#
setfmac biba/low test
#
getfmac test
test: biba/low
Observations: a lower integrity subject is unable to write to a higher integrity subject; a higher integrity subject cannot observe or read a lower integrity object.
本文及其他文件,可由此下載: ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/。
若有 FreeBSD 方面疑問,請先閱讀
FreeBSD 相關文件,如不能解決的話,再洽詢
<questions@FreeBSD.org>。
關於本文件的問題,請洽詢
<doc@FreeBSD.org>。