This chapter gives guidelines on programming in a secure environment, and a list of new system and library calls available under Trusted IRIX/CMW.
Trusted IRIX/CMW conforms to the specifications in POSIX P1003.1eD15.
There are a number of guidelines that you, as a programmer in a secure environment, should follow:
In order to simplify your work, do not duplicate the work already done by the system's Identification & Authentication programs.
Ensure that all variables stay within their bounds.
Reduce global variable usage wherever possible.
Limit the functionality of each module to only one distinct task.
Do not create a procedure that circumvents any of the programmatic flow.
If overrides must be added, document them thoroughly in the code.
By design and principle, minimize the use of privilege required or permitted by your programs.
The following system and library calls are exclusive to Trusted IRIX/CMW. Reference pages exist for each of these calls in reference page sections 2 and 3. Table 8-1 below lists each call and its corresponding action.
Table 7-1. Trusted IRIX/CMW System and Library Calls
System/Library Call | Action |
|---|---|
getlabel(2), setlabel(2) | get/set the mandatory access control label of a file |
getplabel(2), setplabel(2) | get/set the mandatory access control label of a process |
recvl(2), recvlfrom(2), recvlmsg(2) | receive a message and its MAC label from a socket |
recvlu(2), recvlufrom(2), recvlumsg(2) | receive a message, its MAC label, and the UID of the sender from a socket |
satctl(2) | control the collection of audit data |
satread(2) | read a block of audit record data |
satwrite(2) | write a block of audit record data |
acl_copy_ext(3C) | copy ACL from system to user space or from user to system space |
acl_delete_def_file(3C) | delete the default ACL for a named directory |
acl_dup(3C) | make a copy of an ACL |
acl_free(3C) | free memory allocated by ACL interface calls |
acl_from_text(3C) | convert a POSIX ACL string to a struct acl or a struct acl to a POSIX ACL string |
acl_get_fd(3C) | get or set the ACL associated with an open file |
acl_get_file(3C) | get or set the ACL for a pathname |
acl_size(3C) | return the size of an ACL |
acl_valid(3C) | validate an ACL |
cap_acquire(3C) | make permitted set capabilities effective or remove effective capabilities |
cap_clear(3C) | clear the fields of a capability |
cap_copy_ext(3C) | copy capability from system to user space or from user to system space |
cap_dup(3C) | make a copy of a capability |
cap_free(3C) | free allocated capability |
cap_from_text(3C), cap_to_text, cap_value_to_text | convert a POSIX capabilities string to internal form, convert capabilities to a POSIX capabilities string, or return the POSIX name for a capability value |
cap_get_fd(3C), cap_set_fd | get or set the capabilities for an open file |
cap_get_file(3C), cap_set_file | get or set the capabilities for a pathname |
cap_get_flag(3C), cap_set_flag | get or set the value of a capability flag in a capability |
cap_get_proc(3C), cap_set_proc | get or set process capabilities |
cap_init(3C) | allocate a capability structure |
cap_size(3C) | return the size of a capability |
getspwnam(3) | get a user's name from the administrative database |
getuserinfonam(3), getuserinfouid(3) | get information about a user |
ia_audit(3) | creates and writes an audit record, using satwrite() |
libperfex(3C), start_counters, read_counters, print_counters | a procedural interface to R10000 counters |
mac_cleared(3), mac_clearedlbl(3), mac_lowest(3), mac_lowestlbl(3) | report on user's clearance |
mac_label_devs(3C) | relabel all listed character devices |
mac_dom(3) | compare two MAC labels for dominance relationship |
mac_dup(3) | produce a duplicate copy of a MAC label |
mac_equ(3) | compare two MAC labels for the equality relationship |
mac_getlblcomp(3) | get a MAC label component string from the /secadm/label/labelnames file |
mac_getlblname(3) | get a MAC label name from the /secadm/label/labelnames file |
mac_getname(3) | get a MAC label component name entry from a /secadm/label file |
mac_getvalue(3) | get a MAC label component value entry from a /secadm/label file |
mac_invalid(3) | test a MAC label for validity |
mac_labeltostr(3) | convert a binary format MAC label to an ASCII MAC label string |
mac_size(3) | get the size of a MAC label |
mac_strtolabel(3) | convert an ASCII MAC label string to a binary format MAC label |
sat_eventtostr(3), sat_strtoevent(3) | convert an audit event index to or from an audit event string |
sat_intrp_pathname(3C) | portable interface to interpret sat_pathname structs |
sat_read_file_info(3C), sat_write_file_info, sat_free_file_info | portable interfaces to read audit file headers |
sat_read_header_info(3C), sat_free_header_info | portable interfaces to read audit record headers |
sgi_acl_strtoacl(3C), sgi_acl_acltostr | convert an ACL string to a struct acl or convert a struct acl to an ACL string |
sgi_cap_cleared(3C) | determine whether a user's allowed capabilities are sufficient |
sgi_cap_set_from_text(3C) | set all capabilities from a capabilities string |
sgi_cap_strtocap(3C), sgi_cap_captostr | convert a capabilities string to a cap_value_t or convert a cap_value_t to a capabilities string |
sgi_getcapabilitybyname(3C) | get the default and allowed capability sets for a named user |
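The following C program is an added example, not code from this manual or from the Trusted IRIX/CMW libraries. It models the decisions that mac_dom(3) and mac_equ(3) make (a label dominates another when its sensitivity level is at least as high and its category set is a superset) and uses them for the classic mandatory "no read up / no write down" checks, with text conversion in the spirit of mac_strtolabel(3)/mac_labeltostr(3). The level and category names, the "level,cat,cat" text form and every model_* function are constructed assumptions for illustration; Trusted IRIX's own mac_t layout and label syntax are not reproduced. It also follows the bounds guideline above: every copy and render is length-checked, and a label that does not parse is rejected rather than partially trusted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a MAC label: one sensitivity level plus a set of
 * categories. Names, text form and model_* functions are assumptions for
 * this example, not Trusted IRIX's mac_t. */
#define MAX_LABEL_LEN 128

typedef struct {
    int level;            /* index into level_names, 0 = lowest */
    uint32_t categories;  /* bit i set => category_names[i] is present */
} model_label_t;

static const char *level_names[] = { "unclassified", "confidential", "secret", "topsecret" };
static const char *category_names[] = { "payroll", "legal", "research", "ops" };
#define NUM_LEVELS     (sizeof level_names / sizeof level_names[0])
#define NUM_CATEGORIES (sizeof category_names / sizeof category_names[0])

/* Look a token up in a name table; -1 if absent (an empty token is absent). */
static int lookup(const char *tok, const char **names, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(tok, names[i]) == 0) return (int)i;
    return -1;
}

/* Parse "level,cat1,cat2" into a label. Returns 0 on success, -1 on any
 * oversized, malformed or unknown component: an unparseable label is
 * rejected outright, never partially accepted. */
int model_strtolabel(const char *text, model_label_t *out)
{
    char buf[MAX_LABEL_LEN];
    if (text == NULL || out == NULL) return -1;
    if (strlen(text) >= sizeof buf) return -1;      /* bounds check before the copy */
    memcpy(buf, text, strlen(text) + 1);

    char *tok = buf;
    char *comma = strchr(tok, ',');
    if (comma) *comma = '\0';
    int lvl = lookup(tok, level_names, NUM_LEVELS);
    if (lvl < 0) return -1;

    uint32_t cats = 0;
    while (comma != NULL) {
        tok = comma + 1;
        comma = strchr(tok, ',');
        if (comma) *comma = '\0';
        int idx = lookup(tok, category_names, NUM_CATEGORIES);
        if (idx < 0) return -1;                     /* unknown or empty category */
        cats |= 1u << idx;
    }
    out->level = lvl;
    out->categories = cats;
    return 0;
}

/* Dominance as mac_dom(3) decides it: a dominates b when a's level is at
 * least b's and every category of b is also present in a. */
bool model_dom(const model_label_t *a, const model_label_t *b)
{
    return a->level >= b->level && (b->categories & ~a->categories) == 0;
}

/* Equality as mac_equ(3): same level and identical category set. */
bool model_equ(const model_label_t *a, const model_label_t *b)
{
    return a->level == b->level && a->categories == b->categories;
}

/* Classic mandatory checks built on dominance: a read requires the subject
 * to dominate the object (no read up); a write requires the object to
 * dominate the subject (no write down). 1 = allow, 0 = deny, -1 = a label
 * is invalid, which callers must treat as deny. */
int model_may_read(const char *subject, const char *object)
{
    model_label_t s, o;
    if (model_strtolabel(subject, &s) != 0 || model_strtolabel(object, &o) != 0) return -1;
    return model_dom(&s, &o) ? 1 : 0;
}

int model_may_write(const char *subject, const char *object)
{
    model_label_t s, o;
    if (model_strtolabel(subject, &s) != 0 || model_strtolabel(object, &o) != 0) return -1;
    return model_dom(&o, &s) ? 1 : 0;
}

/* Render a label as text with explicit buffer bounds (cf. mac_labeltostr(3)). */
int model_labeltostr(const model_label_t *l, char *out, size_t outlen)
{
    if (l == NULL || out == NULL || outlen == 0) return -1;
    if (l->level < 0 || (size_t)l->level >= NUM_LEVELS) return -1;
    int n = snprintf(out, outlen, "%s", level_names[l->level]);
    if (n < 0 || (size_t)n >= outlen) return -1;
    size_t used = (size_t)n;
    for (size_t i = 0; i < NUM_CATEGORIES; i++) {
        if (!(l->categories & (1u << i))) continue;
        n = snprintf(out + used, outlen - used, ",%s", category_names[i]);
        if (n < 0 || (size_t)n >= outlen - used) return -1;   /* would truncate */
        used += (size_t)n;
    }
    return 0;
}

/* Parse then re-render, yielding the canonical spelling (categories in table
 * order); NULL for an invalid label. Static buffer: illustration only. */
const char *model_normalize(const char *text)
{
    static char out[MAX_LABEL_LEN];
    model_label_t l;
    if (model_strtolabel(text, &l) != 0) return NULL;
    if (model_labeltostr(&l, out, sizeof out) != 0) return NULL;
    return out;
}

int main(void)
{
    const char *subject = "secret,legal";   /* constructed sample labels */
    const char *files[] = { "confidential,legal", "secret,legal,payroll", "topsecret" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s read:%2d write:%2d\n", files[i],
               model_may_read(subject, files[i]), model_may_write(subject, files[i]));
    return 0;
}
```

The point worth noticing is the asymmetry: a subject at "secret,legal" may read "confidential,legal" but not "secret,legal,payroll" (one missing category is enough to deny), and the write direction is the reverse. A label that fails to parse yields -1, which the caller must map to deny; returning 0 for "unknown" and relying on the caller to distinguish it is exactly the kind of ambiguity the guidelines above warn against.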