#the sidewinder is a BSD based firewall.
Specifically, BSD 2.1 in Sidewinder V4.1 or lower or BSD 4.1 in Sidewinder
V5.
#it is adept at port redirection tactics.
There are a LOT of cool things you can do with the Sidewinder in regards to
port and address redirection.
#to manage the split kernel architecture, it dynamically moves
#all users connections to virtual memory and its own users to
#assist in handling the transition from root like power to operationally
#multiple kernels.
The two kernels are completely separate. At bootup you must choose which
kernel you are going to use. The admin kernel doesn't load any drivers for
network cards and is in single user mode. The admin kernel is the only
place true UNIX root exists. Type Enforcement (mandatory access controls)
is not enforced in the Admin kernel. The operational kernel enforces Type
Enforcement. It does NOT matter what your UID is in the operational kernel;
you must obey the laws of type enforcement first. The operational kernel
has network connectivity.
<At the bottom of this e-mail I included a quick description of how Type
Enforcement works for those of you who want to wade through it. I know
some Sidewinder engineers listen to this list occasionally so they are
welcome to jump in and correct me.>
#the ability to 'root' the box doesn't exist per se as the user root
#is not allowed to login, but there are times when exploring pushd &
#popd that I've discovered that I wound up in the /root dir and with a
#uid=0...hmmmm.
Once again, since even UID=0 has to obey Type Enforcement it does not matter
what UID you have. It does matter what Type Enforcement domain your UID is
assigned to. The trick is to change the domain your UID is assigned to,
NOT the UID.
#it uses one kernel(admin)for managing configs to DNS, sendmail.cf
#(fragile)certainly don't want it resolving at that point. service
#initiation...rule set table builds, cron and syslog, ftp, telnet,
I think you are mixing up Type Enforcement domains with kernels. It only
loads one kernel.
#you have to tweak them all. the sidewinder came with a
#buggy !!shudder!! Xserver suite....
The GUI is MUCH better now.
Type Enforcement
I will use Sendmail as an example.
Type Enforcement acts a little like extensions to the UNIX file
permissions. Each directory and file on the Sidewinder has a Type
Enforcement which equates to a Type Enforced domain. The file
/etc/mailertable.mta0 (the mailertable for the Sendmail server running on
the internal side of the firewall) has a TE of mtac:conf. This means it is
part of the mtac domain and it is a configuration file. Each daemon is
allowed to access certain domains. Sendmail can access the mtac domain.
Remember, Type Enforcement supersedes root privileges. This means that
even if Sendmail is running as root, it can only access files and
directories that are part of the mtac domain. If a hacker uses an attack
to compromise the Sendmail server to execute a command then Type
Enforcement has to allow Sendmail to execute that command or an 'operation
not permitted' error will be logged to /var/log/audit.raw and the command
will fail. An interesting test if you have access to a Sidewinder is to
use the ind command to see what can be done in the mtac domain. The ind
command causes another command to be run in a specific domain. Try 'ind
mtac ps -axd'. You will get an 'operation not permitted' error because
that command needs to be run from the Admn domain not the mtac domain. The
same is true for all of the regular UNIX commands. This means that even if
a hacker gains root from an exploit on the Sendmail daemon he cannot access
anything not allowed by Type Enforcement in the mtac domain and he cannot
use regular UNIX commands. He would need to penetrate the Admn domain from
the mtac domain without using his normal tools. The hacker could probably
stop the Sendmail servers from running properly by using a common exploit
but that is about it. The Admn domain has access to multiple domains so
it is probably the most important domain on the Sidewinder. Most of the
commands on the Sidewinder have a Type Enforcement similar to Kern:exec,
Kern:scrp, $Sys:exec etc. The first part of Type Enforcement is the
domain and the second part describes the file. I am not allowed to edit
or change the Type Enforcement of anything in the $Sys domain but if I
belong to the admin domain I can execute anything that ends in scrp or exec
even if it is in the $Sys domain. There is a database of all of the access
allowed to each domain in a MySQL database. This database is checked every
time a command is executed on the box. There is a whitepaper on Type
Enforcement at http://www.securecomputing.com/index.cfm?sKey=26.
Regards,
Jeffery Gieser
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
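The following is an added toy model of the Type Enforcement behaviour described in the mail above; it is not Sidewinder code and not from the post's author. The labels mtac:conf, Kern:exec, Kern:scrp and $Sys:exec, the mtac and Admn domains, the ind command and the file /etc/mailertable.mta0 come from the mail; the policy table, the transition table, the remaining file paths and the function names are assumptions made up for the illustration. What it shows is the point the mail keeps making: the UID is passed in but never consulted, only the domain decides, so a Sendmail process running as root in the mtac domain can touch its own configuration but cannot execute ordinary Kern:exec binaries or enter the Admn domain, while an administrator running 'ind mtac ps' gets the same 'operation not permitted' denial logged.

```python
"""Toy model of Sidewinder-style Type Enforcement (added example, not real code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TEFile:
    """A file with its Type Enforcement label, written domain:type (e.g. mtac:conf)."""
    path: str
    domain: str
    ftype: str

    @property
    def label(self) -> str:
        return f"{self.domain}:{self.ftype}"


# Constructed file labels. Only /etc/mailertable.mta0 and the label names are
# taken from the mail; the other paths are assumed for the illustration.
FILES = {
    "/etc/mailertable.mta0": TEFile("/etc/mailertable.mta0", "mtac", "conf"),
    "/usr/sbin/sendmail": TEFile("/usr/sbin/sendmail", "mtac", "exec"),
    "/bin/ps": TEFile("/bin/ps", "Kern", "exec"),
    "/etc/rc.local": TEFile("/etc/rc.local", "Kern", "scrp"),
    "/sbin/te_tool": TEFile("/sbin/te_tool", "$Sys", "exec"),  # hypothetical $Sys binary
}

# Constructed policy: subject domain -> {(file domain, file type): allowed ops}.
# A file domain of "*" matches any domain, which is how "Admn may execute
# anything ending in exec or scrp, even in $Sys" is expressed here.
POLICY = {
    "mtac": {
        ("mtac", "conf"): {"read", "write"},
        ("mtac", "exec"): {"execute"},
    },
    "Admn": {
        ("*", "exec"): {"execute"},
        ("*", "scrp"): {"execute"},
        ("mtac", "conf"): {"read", "write", "relabel"},
        ("Kern", "conf"): {"read", "write", "relabel"},
    },
}

# Assumed domain-transition table for ind: which domains a caller may enter.
TRANSITIONS = {"Admn": {"Admn", "mtac", "Kern"}, "mtac": {"mtac"}}

AUDIT = []  # stands in for /var/log/audit.raw; denials are appended here


def te_check(subject_domain: str, uid: int, f: TEFile, op: str) -> bool:
    """Mandatory check. The uid is recorded for the audit line but never
    enters the decision: root in the wrong domain is still denied."""
    rules = POLICY.get(subject_domain, {})
    allowed = rules.get((f.domain, f.ftype), set()) | rules.get(("*", f.ftype), set())
    if op in allowed:
        return True
    AUDIT.append(f"domain={subject_domain} uid={uid} op={op} file={f.path} "
                 f"label={f.label}: operation not permitted")
    return False


def ind(caller_domain: str, target_domain: str, uid: int, argv: list) -> bool:
    """Model of 'ind <domain> <command>': execute argv[0] inside target_domain."""
    if target_domain not in TRANSITIONS.get(caller_domain, set()):
        AUDIT.append(f"domain={caller_domain} uid={uid} ind {target_domain}: "
                     "operation not permitted")
        return False
    f = FILES.get(argv[0])
    if f is None:
        AUDIT.append(f"domain={target_domain} uid={uid} exec {argv[0]}: no such file")
        return False
    return te_check(target_domain, uid, f, "execute")


def compromised_sendmail_attempts(uid: int = 0) -> dict:
    """What a hijacked Sendmail (uid 0, domain mtac) can and cannot do."""
    mt = FILES["/etc/mailertable.mta0"]
    return {
        "write_mailertable": te_check("mtac", uid, mt, "write"),
        "exec_ps": te_check("mtac", uid, FILES["/bin/ps"], "execute"),
        "exec_rc_script": te_check("mtac", uid, FILES["/etc/rc.local"], "execute"),
        "enter_Admn": ind("mtac", "Admn", uid, ["/bin/ps"]),
    }


def admin_attempts(uid: int = 1001) -> dict:
    """An administrator in the Admn domain, deliberately with a non-zero uid."""
    sys_bin = FILES["/sbin/te_tool"]
    return {
        "ind_mtac_ps": ind("Admn", "mtac", uid, ["/bin/ps", "-axd"]),  # the mail's test
        "exec_ps": te_check("Admn", uid, FILES["/bin/ps"], "execute"),
        "exec_sys_binary": te_check("Admn", uid, sys_bin, "execute"),
        "relabel_sys_binary": te_check("Admn", uid, sys_bin, "relabel"),
    }


if __name__ == "__main__":
    print("compromised sendmail:", compromised_sendmail_attempts())
    print("administrator:", admin_attempts())
    print("\n".join(AUDIT))
```

Running the block prints the two result dictionaries and then the constructed audit lines; every False entry corresponds to one 'operation not permitted' line, which is the event a defender would look for in /var/log/audit.raw after a daemon compromise.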