work present in FreeBSD 7.0 to refine the kernel privilege model:
- Introduce support for jail as a testing variable, in order to
confirm that privileges are properly restricted in the jail
environment.
- Restructure overall testing approach so that privilege and jail
conditions are set in the testing infrastructure before tests
are invoked, and done so in a custom-created process to isolate
the impact of tests from each other in a more consistent way.
- Tests now provide setup and cleanup hooks that occur before and
after the test runs.
- New privilege tests are now present for several audit
privileges, several credential management privileges, dmesg
buffer reading privilege, and netinet raw socket creation.
- Other existing tests are restructured and generally improved as
a result of better framework structure and jail as a variable.
For exampe, we now test that certain sysctls are writable only
outside jail, while others are writable within jail. On a
similar note, privileges relating to setting UFS file flags are
now better exercised, as with the right to chmod and utimes
files.
Approved by: re (bmah)
Obtained from: TrustedBSD Project
implemented properly for a number of kernel subsystems. In general, they
try to exercise the privilege first as the root user, then as a test user,
in order to determine when privilege is being checked.
Currently, these tests do not compare inside/outside jail, and probably
should be enhanced to do that.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
