ia64/linux-2.6.18-xen.hg

annotate Documentation/seclvl.txt @ 854:950b9eb27661

usbback: fix urb interval value for interrupt urbs.

Signed-off-by: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
author Keir Fraser <keir.fraser@citrix.com>
date Mon Apr 06 13:51:20 2009 +0100 (2009-04-06)
parents 831230e53067
children
rev   line source
ian@0 1 BSD Secure Levels Linux Security Module
ian@0 2 Michael A. Halcrow <mike@halcrow.us>
ian@0 3
ian@0 4
ian@0 5 Introduction
ian@0 6
ian@0 7 Under the BSD Secure Levels security model, sets of policies are
ian@0 8 associated with levels. Levels range from -1 to 2, with -1 being the
ian@0 9 weakest and 2 being the strongest. These security policies are
ian@0 10 enforced at the kernel level, so not even the superuser is able to
ian@0 11 disable or circumvent them. This hardens the machine against attackers
ian@0 12 who gain root access to the system.
ian@0 13
ian@0 14
ian@0 15 Levels and Policies
ian@0 16
ian@0 17 Level -1 (Permanently Insecure):
ian@0 18 - Cannot increase the secure level
ian@0 19
ian@0 20 Level 0 (Insecure):
ian@0 21 - Cannot ptrace the init process
ian@0 22
ian@0 23 Level 1 (Default):
ian@0 24 - /dev/mem and /dev/kmem are read-only
ian@0 25 - IMMUTABLE and APPEND extended attributes, if set, may not be unset
ian@0 26 - Cannot load or unload kernel modules
ian@0 27 - Cannot write directly to a mounted block device
ian@0 28 - Cannot perform raw I/O operations
ian@0 29 - Cannot perform network administrative tasks
ian@0 30 - Cannot setuid any file
ian@0 31
ian@0 32 Level 2 (Secure):
ian@0 33 - Cannot decrement the system time
ian@0 34 - Cannot write to any block device, whether mounted or not
ian@0 35 - Cannot unmount any mounted filesystems
ian@0 36
ian@0 37
ian@0 38 Compilation
ian@0 39
ian@0 40 To compile the BSD Secure Levels LSM, seclvl.ko, enable the
ian@0 41 SECURITY_SECLVL configuration option. This is found under Security
ian@0 42 options -> BSD Secure Levels in the kernel configuration menu.
ian@0 43
ian@0 44
ian@0 45 Basic Usage
ian@0 46
ian@0 47 Once the machine is in a running state, with all the necessary modules
ian@0 48 loaded and all the filesystems mounted, you can load the seclvl.ko
ian@0 49 module:
ian@0 50
ian@0 51 # insmod seclvl.ko
ian@0 52
ian@0 53 The module defaults to secure level 1, except when compiled directly
ian@0 54 into the kernel, in which case it defaults to secure level 0. To raise
ian@0 55 the secure level to 2, the administrator writes ``2'' to the
ian@0 56 seclvl/seclvl file under the sysfs mount point (assumed to be /sys in
ian@0 57 these examples):
ian@0 58
ian@0 59 # echo -n "2" > /sys/seclvl/seclvl
ian@0 60
ian@0 61 Alternatively, you can initialize the module at secure level 2 with
ian@0 62 the initlvl module parameter:
ian@0 63
ian@0 64 # insmod seclvl.ko initlvl=2
ian@0 65
ian@0 66 At this point, it is impossible to remove the module or reduce the
ian@0 67 secure level. If the administrator wishes to have the option of doing
ian@0 68 so, he must provide a module parameter, sha1_passwd, that specifies
ian@0 69 the SHA1 hash of the password that can be used to reduce the secure
ian@0 70 level to 0.
ian@0 71
ian@0 72 To generate this SHA1 hash, the administrator can use OpenSSL:
ian@0 73
ian@0 74 # echo -n "boogabooga" | openssl sha1
ian@0 75 abeda4e0f33defa51741217592bf595efb8d289c
ian@0 76
ian@0 77 In order to use password-instigated secure level reduction, the SHA1
ian@0 78 crypto module must be loaded or compiled into the kernel:
ian@0 79
ian@0 80 # insmod sha1.ko
ian@0 81
ian@0 82 The administrator can then insmod the seclvl module, including the
ian@0 83 SHA1 hash of the password:
ian@0 84
ian@0 85 # insmod seclvl.ko
ian@0 86 sha1_passwd=abeda4e0f33defa51741217592bf595efb8d289c
ian@0 87
ian@0 88 To reduce the secure level, write the password to seclvl/passwd under
ian@0 89 your sysfs mount point:
ian@0 90
ian@0 91 # echo -n "boogabooga" > /sys/seclvl/passwd
ian@0 92
ian@0 93 The September 2004 edition of Sys Admin Magazine has an article about
ian@0 94 the BSD Secure Levels LSM. I encourage you to refer to that article
ian@0 95 for a more in-depth treatment of this security module:
ian@0 96
ian@0 97 http://www.samag.com/documents/s=9304/sam0409a/0409a.htm