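Download List

Project Overview

A security module for analyzing and protecting systems. TOMOYO Linux is an implementation of mandatory access control (MAC) for Linux. It can be used to increase the security of a system, and it is equally useful as a tool for analyzing a system. The project started in March 2003 and was developed under the sponsorship of NTT DATA Corporation until March 2012. TOMOYO Linux focuses on the behavior of a system. A process is created to achieve some purpose. Like an immigration officer, TOMOYO Linux can make each process report the behaviors and resources it needs to achieve that purpose. With protection mode enabled, it can also act like an operations watchdog and permit only the behaviors and resource accesses approved by the system administrator.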

Release time: 2006-04-01 06:28
ccs-patch 1.1-20060401

Name Size Hash Date Downloads
ccs-patch-1.1-20060401.tar.gz 294.06 KB 2006-04-01 06:28 165

Release Notes

There are no release notes.

Changelog

Fix 2006/02/21

@ Divide generic-write permission into individual write permissions.

Write permission was divided into the following permissions.

'mkdir' for creating directory.
'rmdir' for deleting directory.
'create' for creating regular file.
'unlink' for deleting non-directory.
'mksock' for creating UNIX domain socket.
'mkfifo' for creating FIFO.
'mkchar' for creating character device.
'mkblock' for creating block device.
'link' for creating hard link.
'symlink' for creating symbolic link.
'rename' for renaming directory or non-directory.
'truncate' for truncating regular file.

The permission check for opening files is done using
conventional read/write/execute permission.

@ Add /proc/ccs/info/mapping.

I added /proc/ccs/info/mapping so that the userland programs
can know the mapping of individual write permissions.

Fix 2006/02/27

@ Fix handling of trailing '\*' in PathMatchesToPattern().

PathMatchesToPattern("/tmp/", "/tmp/\*") returned true
because "\*" matches to "more than or equals to 0 character
until '/' or end". But since this is a comparison between
directory and non-directory, this should not match.

This behavior causes the following security risks.
In enforce mode, allowing "2 /tmp/\*" grants
"mkdir /tmp/" and "rmdir /tmp/" which should be
granted only when "2 /tmp/" is allowed.
In accept mode, "mkdir /tmp/" or "rmdir /tmp/" appends
"2 /tmp/\*" into the domain policy if "file_pattern /tmp/\*"
is in the exception policy.

I changed it not to ignore trailing '\*' in the pattern
if pathname ends with '/'.
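
The matching flaw described in the 2006/02/27 entry, as an added example that is not taken from the TOMOYO Linux source: a simplified C model that supports only literal characters and "\*", with the old and corrected behaviour side by side. The function names path_matches_legacy and path_matches_fixed are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): patterns are literal bytes plus "\*",
 * which matches zero or more characters up to '/' or end of string. */
static bool match_here(const char *path, const char *pat)
{
    for (; *pat; path++, pat++) {
        if (pat[0] == '\\' && pat[1] == '*') {
            for (size_t i = 0; ; i++) {
                if (match_here(path + i, pat + 2))
                    return true;
                if (path[i] == '\0' || path[i] == '/')
                    return false;
            }
        }
        if (*path != *pat)
            return false;
    }
    return *path == '\0';
}

/* Old behaviour: a trailing "\*" may match nothing, so "/tmp/" matches. */
bool path_matches_legacy(const char *path, const char *pat)
{
    return match_here(path, pat);
}

/* Corrected behaviour: when the pathname ends with '/', a trailing "\*"
 * in the pattern is not ignored, so a directory cannot match it. */
bool path_matches_fixed(const char *path, const char *pat)
{
    size_t n = strlen(path), m = strlen(pat);
    if (n && path[n - 1] == '/' && m >= 2 && strcmp(pat + m - 2, "\\*") == 0)
        return false;
    return match_here(path, pat);
}

int main(void)
{
    const char *pat = "/tmp/\\*"; /* constructed sample pattern */
    const char *paths[] = { "/tmp/", "/tmp/file", "/tmp/a/b" };
    for (size_t i = 0; i < 3; i++)
        printf("%-10s legacy=%d fixed=%d\n", paths[i],
               path_matches_legacy(paths[i], pat), path_matches_fixed(paths[i], pat));
    return 0;
}
```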

Fix 2006/03/01

@ Add missing spinlock in GetAbsolutePath().

vfsmount_lock was missing.

Fix 2006/03/08

@ Add support for "shared subtree" mount operations.

Kernel 2.6.15 introduced "shared subtree" functionality.
But CheckMountPermission() couldn't recognize flags for
do_change_type().

@ Add support for more mount flags.

atime/noatime, diratime/nodiratime, recurse/norecurse flags
are supported.

Fix 2006/03/20

@ Check port numbers for only AF_INET/AF_INET6.

CheckBindEntry() and CheckConnectEntry() should check port numbers
only when the given address family is either AF_INET or AF_INET6,
for address family such as AF_UNSPEC could be passed to bind()
and connect() for PF_INET/PF_INET6 sockets.

Fix 2006/03/27

@ Use /proc/self/ rather than /proc/\$/ for current process.

GetAbsolutePath() now uses "self" instead of pid
if current process refers to information related to itself.
This exception violates the rule "TOMOYO Linux's pathnames don't
contain symbolic links before the last '/'", but I think it is worth
doing so. The following are the merits gained by this exception.

Prevent administrators from granting redundant permissions
when a process needs to refer to only current process's information.

Allow administrators to make current process's information always
readable using 'allow_read' directive.

Version 1.1 2006/04/01 Functionality enhancement release.