Source-Changes-HG archive


[src/netbsd-3]: src/lib/libc/gen Pull up revision 1.150 (requested by elad in...



details:   https://anonhg.NetBSD.org/src/rev/c05847ae4a5f
branches:  netbsd-3
changeset: 576371:c05847ae4a5f
user:      tron <tron%NetBSD.org@localhost>
date:      Sat Jul 02 15:51:13 2005 +0000

description:
Pull up revision 1.150 (requested by elad in ticket #487):
More veriexec changes:
  - Better organize strict level. Now we have 4 levels:
    - Level 0, learning mode: Warnings only about anything that might've
      resulted in 'access denied' or similar in a higher strict level.
    - Level 1, IDS mode:
      - Deny access on fingerprint mismatch.
      - Deny modification of veriexec tables.
    - Level 2, IPS mode:
      - All implications of strict level 1.
      - Deny write access to monitored files.
      - Prevent removal of monitored files.
      - Enforce access type - 'direct', 'indirect', or 'file'.
    - Level 3, lockdown mode:
      - All implications of strict level 2.
      - Prevent creation of new files.
      - Deny access to non-monitored files.
  - Update sysctl(3) man-page with above. (date bumped too :)
  - Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
    longer needed.
  - Simplify veriexec_removechk() in light of new strict level policies.
  - Eliminate use of 'securelevel'; veriexec now behaves according to
    its strict level only.

diffstat:

 lib/libc/gen/sysctl.3 |  22 ++++++++++++----------
 1 files changed, 12 insertions(+), 10 deletions(-)

diffs (44 lines):

diff -r 91412a0064ad -r c05847ae4a5f lib/libc/gen/sysctl.3
--- a/lib/libc/gen/sysctl.3     Sat Jul 02 15:51:06 2005 +0000
+++ b/lib/libc/gen/sysctl.3     Sat Jul 02 15:51:13 2005 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: sysctl.3,v 1.142.2.3 2005/06/10 15:19:14 tron Exp $
+.\"    $NetBSD: sysctl.3,v 1.142.2.4 2005/07/02 15:51:13 tron Exp $
 .\"
 .\" Copyright (c) 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"    @(#)sysctl.3    8.4 (Berkeley) 5/9/95
 .\"
-.Dd May 24, 2005
+.Dd June 17, 2005
 .Dt SYSCTL 3
 .Os
 .Sh NAME
@@ -897,15 +897,17 @@
 Verified Exec will treat various situations.
 In strict level 0, the system is in learning mode and will only warn about
 fingerprint mismatches, aswell as allow removal of fingerprinted files.
-In strict level 1, the system is in normal mode.
-It will enforce indirect
-execution if needed, prevent access to files with a fingerprint mismatch,
-and prevent removal of fingerprinted files.
-It will also prevent execution of files with no fingerprint.
-In strict level 2, the system is in critical mode.
+It is the only level where fingerprints can be loaded.
+In strict level 1, the system is in IDS mode.
+It will deny access to files with mismatched fingerprints.
+In strict level 2, the system is in IPS mode.
 It has all effects of
-strict level 1, plus it will deny access (read, write, exec, and delete)
-to files without a valid fingerprint.
+strict level 1, plus it will deny write access to monitored files,
+prevent their removal, and enforce access type (direct, indirect, file).
+Strict level 3 operates as lockdown mode. It will have all effects of
+strict level 2, but it will also prevent access to non-monitored files.
+Furthermore, it will prevent addition of new files to the system, and
+allow writing only to files opened before the strict level was raised.
 .It Li VERIEXEC_ALGORITHMS
 Returns a string with the supported algorithms in Verified Exec.
 .It Li VERIEXEC_COUNT
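
Review bot: The new strict level 1 text (the added lines "In strict level 1, the system is in IDS mode." and "It will deny access to files with mismatched fingerprints.") documents only one of the two level 1 effects listed in the commit description; "Deny modification of veriexec tables" is left for the reader to infer from the level 0 sentence "It is the only level where fingerprints can be loaded." Since an administrator choosing a level reads this paragraph per level, state the table restriction explicitly under level 1. The unchanged level 0 sentence also still says the system "will only warn about fingerprint mismatches", which is narrower than the description's "Warnings only about anything that might've resulted in 'access denied' or similar in a higher strict level", so it is worth updating in the same change. Two style points: the added line "Strict level 3 operates as lockdown mode. It will have all effects of" puts a sentence break in the middle of a source line, while the rest of the paragraph starts each sentence on its own line, so break after "mode."; and the context line's "aswell" should be "as well" while this paragraph is being edited.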


