Dclabs Mandatory Access Control on Microsoft Windows 12/2010
The Arrival of Mandatory Access Control (MAC) on the Windows Platform

Arthur Aguiar
honestworker@dclabs.com.br

Abstract

This article introduces Microsoft Windows' Integrity Level as the first form of Mandatory Access Control delivered in a commercial Windows platform product. We examine its implementation and demonstrate its operation via a proof-of-concept program written specifically for this research.

Access Control, in our context, can be understood as a mechanism responsible for mediating a user's attempt to access a system resource, for the sake of protecting that resource from inappropriate or undesired access, in other words, safeguarding its confidentiality and integrity.

There are two opposing Access Control models that we'll be discussing in this article: Discretionary Access Control (DAC) and Mandatory Access Control (MAC).

The DAC model allows the user who owns the resource to assign access rights to it at will (at their own discretion), playing an active role in the information flow. Fundamentally, this model presents two flaws that can be exemplified with two situations:

- Ewerson, who owns a certain resource, decides to grant Rodrigo read permission on that object. Once that is done, nothing prevents Rodrigo from copying the content to an object (or location) that Rodrigo owns and therefore controls, and so from granting permissions on it to a third user.
- If Rodrigo convinces Ewerson to execute a malicious program that on the surface seems to pursue a legitimate objective, but that also contains instructions to copy a resource's information to a location where both Ewerson and Rodrigo have access, he would succeed in accessing and taking control of that object.

This is the traditional model present in every modern operating system. In its materialized form, it can be seen as the NTFS permissions controlling file access on Microsoft Windows platforms.

On the other hand, the major characteristic of the MAC model is that access to objects is externally regulated in a way that
ordinary users have no influence over it. Users (and subjects, that is, programs acting on their behalf) and resources (objects) are each given a hierarchical security level, and these levels are constrained by statically defined relationships.

There are two well-known formal models that describe implementations of MAC: Bell-LaPadula (Bell, D. E., and L. J. LaPadula, Secure Computer Systems: Mathematical Foundations and Model, Bedford, MA: The Mitre Corporation, 1973) and Biba (Biba, K. J., Integrity Considerations for Secure Computer Systems, Bedford, MA: The MITRE Corporation, 1977).

Bell-LaPadula's model is based on two properties:

Simple security property: A subject is permitted read access to an object if the subject's security level dominates the security level of the object.

Star property: A subject is permitted write access to an object if the object's security level dominates the security level of the subject.

Therefore, if we think of the following set of security levels, Unclassified, Confidential, Secret and Top Secret, we can revisit Ewerson and Rodrigo's previously given scenarios and derive the following conclusions (assuming Ewerson, who has the Top Secret level, has a hierarchically higher security level than Rodrigo, who has Secret):

- Despite Ewerson's decision to grant Rodrigo read access to the resource, the Simple security property would prevent Rodrigo from reading the information, for the object's security level dominates Rodrigo's.
- Even if Rodrigo convinced Ewerson to execute the malicious program, Ewerson wouldn't be able to write information to a location where Rodrigo has access, for according to the Star property he cannot write to an object that has a lower security level (the program could, however, be used to destroy or alter the resource).

The Bell-LaPadula model aims at preserving the resource's (object's) confidentiality. Biba's model, on the other hand, is focused on the resource's integrity and is based on another two
properties:

Simple integrity property: A subject is permitted read access to an object if the object's security level dominates the security level of the subject.

Integrity star property: A subject is permitted write access to an object if the subject's security level dominates the security level of the object.

Now, having the Critical, Important and Ordinary levels, from the user's perspective the level represents the user's trustworthiness in terms of modification of information, and the object's level reflects its sensitivity regarding modification. Once again, using the same scenarios:

- Rodrigo can now read the contents of the resource.
- However, a malicious program wouldn't be able to destroy or alter that resource.

The Windows Integrity Level, available for the first time on Windows Vista, resembles Biba's model in the sense that a lower Integrity Level subject cannot modify a higher-level object. The levels Untrusted, Low, Medium, High and System correspond to the user's trustworthiness. The
default level assigned to normal users and to resources (files and registry keys, for instance) that do not have an explicit label is Medium.

The user's Integrity Level is defined in the access token (a data structure generated during the logon process that works as a security profile, or security context, to be consulted every time access to an object is required), and processes running on the user's behalf inherit that Integrity Level.

Objects (files or registry keys, for instance) have their integrity level stored in their security descriptor (a data structure that stores information about who can perform what actions on an object), more specifically in their SACL. Each security descriptor has a SACL (System Access Control List) and a DACL (Discretionary Access Control List). The former carries the auditing information and the Integrity Level, and the latter specifies who has what access to the object.

Given that the SACL Integrity Level is always checked before the DACL during the validation of an access request, the Integrity Level overrides the permissions listed in the DACL.

As of today, Microsoft doesn't provide a graphical interface for changing Integrity Levels, and to be honest they should keep it that way.

As a proof of concept, I have written a C program that allows us to set the Integrity Levels of files by using the Windows API. It's called macwin.exe and it can be downloaded from http://www.dclabs.com.br/tools.html. We'll be using that tool to demonstrate the precedence of Integrity Level Mandatory Access Control over the NTFS permissions (a Discretionary Access Control).

Let's jump into that tool's source code to understand how the label assignment works under the hood.

The CreateDescriptor function parses the command-line arguments and converts the user's choices into a SACL ACE (Access Control Entry) formatted as a string according to the SDDL (Security Descriptor Definition Language). For reference:
http://msdn.microsoft.com/en-us/library/bb625958.aspx. It does so by changing the values of Z and YY, which represent the Mandatory Policy and the Integrity Level respectively.

(Figure: SACL ACE creation as an SDDL string, taken from macwinV1.c)

Once we have the SDDL string, it is passed to another function, one that belongs to the Windows API, ConvertStringSecurityDescriptorToSecurityDescriptor, whose objective is to convert that string into a valid security descriptor structure. The strDescriptor variable holds the string generated by the previous function and pDescriptor receives a pointer to the generated Security Descriptor structure.

(Figure: function that converts the SDDL string to a valid Security Descriptor structure)

The next step is to extract only the SACL portion of the Security Descriptor via the Windows API function GetSecurityDescriptorSacl, which takes the pointer to the Security Descriptor, pDescriptor, as one of its parameters and returns a pointer to its SACL.

(Figure: function that strips off the SACL of the Security Descriptor structure)

Last but not least, yet another Windows API function, SetNamedSecurityInfo, is called to actually do the work of setting the mandatory label. It takes the strPath variable, which holds the path of the file that will get the label, and the SACL gathered by the previous function. It's worth noticing that a specific type of SECURITY_INFORMATION was used, one exclusively used for mandatory integrity labels: LABEL_SECURITY_INFORMATION.

(Figure: function that actually does the work of setting the label)

With very few omissions, that is what the macwin.exe tool does. It changes the Integrity Level of file objects.

We can now proceed to the demonstration.

For this experiment, 3 user accounts have been created: userlow, usermedium, userhigh. The first two are ordinary users but userhigh belongs to the Administrators group, thus the first
two were supposed to have the Medium Integrity Level and the third gets the High Integrity Level. Given that we wanted a sample of all three Integrity Levels (Low, Medium, High), I had to use a workaround to get a process to run with the Low Integrity Level. What I did was to use macwin.exe to set the Integrity Level of a cmd.exe copy called cmd-low.exe to Low, therefore when userlow launches cmd-low.exe it assumes the Integrity Level of the dominated subject, that is, cmd-low.exe.

(Figure: Sysinternals' Process Explorer displaying cmd.exe instances with Low, Medium, High Integrity Levels)

All three users were granted Full Control NTFS permissions over the directory U:\tmp\dclabs and over a file called testfile.txt whose initial Integrity Level was set to Low. At first, all users are able to read and to write to testfile.txt. Then, macwin.exe was used to add a Medium Integrity Level to that file. Userlow lost its capability to read or write to the file. Next, the label was changed to the High Integrity Level and neither userlow nor usermedium was able to read or to write to that file.

(Figure: all three users have Full Control NTFS permissions)

(Figure: all three users can read the file)

(Figure: all three users can write at the first moment)

(Figure: the object's Integrity Level gets changed to Medium with the No-Read-Up Mandatory Policy)

(Figure: userlow can no longer access the file, for the file's Integrity Level dominates its Integrity Level)

(Figure: the object's Integrity Level gets changed again, this time to High with No-Read-Up)

(Figure: this time only userhigh was able to read the file despite the Full Control NTFS permissions granted to both userlow and usermedium)

Conclusion

Even if the implementation isn't strictly compliant with what is expected from a
Mandatory Access Control, because there are some flaws such as not having an explicit label for all the objects in the system and the lack of more levels (the Low level was originally intended as a means to keep untrusted software from accessing the registry keys and user files), one can certainly affirm that it is a significant improvement that unveils a road towards a safer general-purpose Operating System.

APPENDIX

Source code: macwinV1.c - SHA256 0d8b525050527db9755d2a94363635a09807593aeaf8b60ba4c4c4b07e6afdfd

/*
 * *********** Dclabs *************
 * File: macwinV1.c
 * Abstract: This utility is meant to demonstrate the operation
 * of Mandatory Access Controls in Windows NT >= 6.x
 * It can be used to set an Integrity Label that enforces an
 * access control policy independent of the file system permissions
 *
 * Comments: must be linked to advapi32.lib and kernel32.lib.
 * Build as ANSI (UNICODE not defined): the generic API names used
 * below are called with char* strings.
 *
 * Last update: Arthur Aguiar, 12/13/2010
 *
 * (C) Arthur Aguiar 2010, 2011
 *-----------------------------------------------------*/

//C pre-processor statements | quick: #prep
/*----------------------------------------------------*/
#define VERSION_INFO "v1.0"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include <Sddl.h>
#include <AccCtrl.h>
#include <Aclapi.h>

//Function prototypes | quick: #prot
/*----------------------------------------------------*/
char *ParsePath(char*);
BOOL ValidateOS(void);
void Elevate(void);
char *CreateDescriptor(char*, char*);
BOOL SetLabel(char*, char*);
void PrintHelp(char*);

int main(int argc, char *argv[])
{
    char *strPath;
    char *strDescriptor;

    /* INPUT VALIDATION
       1) Four command line arguments
       2) None of them null
       3) First and second args equal 1 character. Third less than 254 long
       4) Characters R or W or X on the first position of first argument,
          characters L or M or H or S on the first position of second arg
    */
    if ( (argc == 4) &&
         !((argv[1] == NULL) || (argv[2] == NULL) || (argv[3] == NULL)) &&
         ((strlen(argv[1]) == 1) && (strlen(argv[2]) == 1) && (strlen(argv[3]) < 254)) &&
         ((strcspn(argv[1], "RWX") == 0) && (strcspn(argv[2], "LMHS") == 0)) )
    {
        // The operating system should be NT 6.x or greater
        if (!ValidateOS()) {
            printf("This program may or may not work as expected\n");
        }

        // Change current process token to read SACL
        Elevate();

        // ParsePath and CreateDescriptor both return pointers to static
        // buffers, so nothing is allocated or freed here.

        // Oh crap, we must escape backward slashes
        strPath = ParsePath(argv[3]);

        /* CreateDescriptor builds up whatever the user chooses for the
           label in SDDL format. It returns the SDDL string to strDescriptor */
        strDescriptor = CreateDescriptor(argv[1], argv[2]);

        // Go Frankstein, do the real work. Attempt to set the label
        if (SetLabel(strPath, strDescriptor)) {
            printf("\nThe new MAC label has been successfully added\n\n");
        }
    }
    else
    {
        // Oh yeah, user mistake. Go read our help notice
        PrintHelp(argv[0]);
        return 1;
    }
    return 0;
} // end of main()

/* Takes two char pointers as parameters. First the file system object to
   set the label for, the second is the security descriptor representing
   the new label in SDDL format.
   It returns true if the label has been successfully set and false
   for anything else */
BOOL SetLabel(char *strPath, char *strDescriptor)
{
    PSECURITY_DESCRIPTOR pDescriptor = NULL;
    PACL pSacl = NULL;
    BOOL bolSaclPresent = FALSE;
    BOOL bolSaclDefault = FALSE;
    DWORD dwResult = 0;

    /* This Windows API function takes a security descriptor in SDDL format
       and returns an actual security descriptor structure.
       The SDDL represents the desired MAC label.
       References:
       http://msdn.microsoft.com/en-us/library/aa376401%28v=vs.85%29.aspx
       http://msdn.microsoft.com/en-us/library/aa379570%28v=vs.85%29.aspx */
    if (ConvertStringSecurityDescriptorToSecurityDescriptor(
            strDescriptor, SDDL_REVISION_1, &pDescriptor, NULL) == 0)
    {
        printf("Failure converting string to security descriptor\n");
        printf("Error: %lu\n", GetLastError());
        LocalFree(pDescriptor);
        return FALSE;
    }

    /* This Windows API function retrieves the SACL portion of the built
       security descriptor structure.
       Reference:
       http://msdn.microsoft.com/en-us/library/aa446653%28VS.85%29.aspx */
    if (GetSecurityDescriptorSacl(
            pDescriptor, &bolSaclPresent, &pSacl, &bolSaclDefault) == 0)
    {
        printf("Failure retrieving security descriptor\n");
        printf("Error: %lu\n", GetLastError());
        LocalFree(pDescriptor);
        return FALSE;
    }

    /* This Windows API function takes the SACL structure retrieved by the
       former function and adds it to the file indicated by strPath.
       It's worth noticing that the second parameter indicates that the
       operation will take place on a file or directory. Additionally,
       LABEL_SECURITY_INFORMATION is now a valid type for SECURITY_INFORMATION.
       References:
       http://msdn.microsoft.com/en-us/library/aa379579%28v=vs.85%29.aspx
       http://msdn.microsoft.com/en-us/library/aa379593%28v=vs.85%29.aspx
       http://msdn.microsoft.com/en-us/library/aa379573%28v=vs.85%29.aspx */
    dwResult = SetNamedSecurityInfo(
        strPath, SE_FILE_OBJECT, LABEL_SECURITY_INFORMATION,
        NULL, NULL, NULL, pSacl);

    if (dwResult != ERROR_SUCCESS)
    {
        printf("Failed changing label!!\n");
        // SetNamedSecurityInfo returns the error code itself
        printf("Error: %lu\n", dwResult);
        LocalFree(pDescriptor);
        return FALSE;
    }

    // Cleaning up the house. Free resources
    LocalFree(pDescriptor);
    return TRUE;
} //end of SetLabel()

/* This function takes two char pointers as its parameters.
   First one is the policy and it's either R, W or X, standing for
   No-Read-Up, No-Write-Up, No-Execute-Up respectively.
   Second is the integrity level and it's either L, M, H, S, standing for
   Low, Medium, High and System.
   The char array, arrChrDescriptor, is a SACL ACE that translates to the
   desired MAC label. Its Z and YY letters are replaced according to the
   user chosen policy and integrity level.
   It returns the SACL ACE */
char *CreateDescriptor(char *strPolicy, char *strLevel)
{
    static char arrChrDescriptor[16];
    char chrType = *strPolicy;
    char chrLevel = *strLevel;

    arrChrDescriptor[0] = '\0';
    strcpy(arrChrDescriptor, "S:(ML;;NZ;;;YY)");

    switch (chrType)
    {
        case 'R': arrChrDescriptor[8] = 'R'; break;
        case 'W': arrChrDescriptor[8] = 'W'; break;
        case 'X': arrChrDescriptor[8] = 'X'; break;
        default:  arrChrDescriptor[8] = 'R';
    }

    switch (chrLevel)
    {
        case 'L': arrChrDescriptor[12] = 'L'; arrChrDescriptor[13] = 'W'; break;
        case 'M': arrChrDescriptor[12] = 'M'; arrChrDescriptor[13] = 'E'; break;
        case 'H': arrChrDescriptor[12] = 'H'; arrChrDescriptor[13] = 'I'; break;
        case 'S': arrChrDescriptor[12] = 'S'; arrChrDescriptor[13] = 'I'; break;
        default:  arrChrDescriptor[12] = 'L'; arrChrDescriptor[13] = 'W';
    }
    return arrChrDescriptor;
} //end of CreateDescriptor()

/* This function takes a char pointer parameter. The parameter should be
   a file or folder path.
   It goes through a newbie-level algorithm to handle the backward slashes.
   It returns the formatted file or folder path */
char *ParsePath(char *strPath)
{
    char *strToken;
    static char arrChrPath[MAX_PATH + 1];
    size_t len = 0;

    arrChrPath[0] = '\0';

    // Rebuild the path with every separator doubled, writing straight into
    // the static buffer and refusing anything that would not fit in it.
    for (strToken = strtok(strPath, "\\"); strToken != NULL;
         strToken = strtok(NULL, "\\"))
    {
        size_t n = strlen(strToken);
        if (len + n + 2 > MAX_PATH) {
            printf("Path too long\n");
            exit(-5);
        }
        memcpy(arrChrPath + len, strToken, n);
        len += n;
        memcpy(arrChrPath + len, "\\\\", 2);
        len += 2;
        arrChrPath[len] = '\0';
    }

    // Drop the pair of backslashes appended after the last component
    if (len >= 2) {
        arrChrPath[len - 2] = '\0';
    }
    return arrChrPath;
} //end of ParsePath()

/* This function takes no parameters and has no return value.
   Its purpose is to comply with SetNamedSecurityInfo requirements
   for manipulating an object's SACL */
void Elevate(void)
{
    HANDLE hProcess;
    LUID pLuid;
    TOKEN_PRIVILEGES tkPrivileges;

    if (OpenProcessToken(GetCurrentProcess(),
            TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hProcess) == 0)
    {
        printf("Couldn't retrieve token handle\n");
        printf("Error: %lu\n", GetLastError());
        exit(-4);
    }

    if (LookupPrivilegeValue(NULL, SE_SECURITY_NAME, &pLuid) == 0)
    {
        printf("Couldn't retrieve token Unique Identifier\n");
        printf("Error: %lu\n", GetLastError());
        CloseHandle(hProcess);
        exit(-4);
    }

    tkPrivileges.PrivilegeCount = 1;
    tkPrivileges.Privileges[0].Luid = pLuid;
    tkPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (AdjustTokenPrivileges(hProcess, FALSE, &tkPrivileges,
            sizeof(TOKEN_PRIVILEGES), NULL, NULL) == 0)
    {
        printf("Couldn't elevate privilege\n");
        printf("Error: %lu\n", GetLastError());
        CloseHandle(hProcess);
        exit(-4);
    }

    CloseHandle(hProcess);
    return;
} //end of Elevate()

/* This program is known to work on Windows NT 6.x or greater.
   This function takes no parameter and returns true if the OS Version
   is equivalent to NT 6.X or greater.
   I can foresee many potential users attempting to run it under
   Windows XP or Windows 2003 */
BOOL ValidateOS(void)
{
    OSVERSIONINFO osVersion;

    ZeroMemory(&osVersion, sizeof(OSVERSIONINFO));
    osVersion.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

    if (GetVersionEx(&osVersion) == 0)
    {
        printf("Impossible to figure out OS version\n");
        printf("Error: %lu\n", GetLastError());
        return FALSE;
    }

    if (osVersion.dwMajorVersion < 6)
    {
        printf("There is no Integrity Level on this OS Version\n");
        printf("There is no use for this program\n");
        printf("Run it with -h parameter for additional information\n");
        exit(-3);
    }
    return TRUE;
} //end of ValidateOS()

// This one is self explanatory and I refuse to document it
void PrintHelp(char *strFileName)
{
    const char *DESCRIPTION =
        "This utility is meant to demonstrate the operation\n"
        "of Mandatory Access Controls in Windows NT 6.x\n\n"
        "\t<policy>\n"
        "\t\t R - No-Read-Up\n"
        "\t\t W - No-Write-Up\n"
        "\t\t X - No-Execute-Up\n\n"
        "\t<level>\n"
        "\t\t L - Low Integrity Level\n"
        "\t\t M - Medium Integrity Level\n"
        "\t\t H - High Integrity Level\n"
        "\t\t S - System Integrity Level\n\n"
        "\t<file-path>\n"
        "\tThe absolute path of the file that you'd like\n"
        "\tto have its label changed (e.g. c:\\myfolder\\myfile.ext)\n\n"
        "--------------------------------------------- \n"
        "For a brief introduction, read my article at: \n"
        "www.dclabs.com.br \n"
        "Suggestions or comments: \n"
        "arthur@grande-rede.com\n";

    printf("\n\t Dclabs - Windows Mandatory Access Control DEMO\n");
    printf("\t\t HonestWorker, 2010-2011 %s\n", VERSION_INFO);
    printf("\t**********************************************\n");
    printf("USAGE: %s <policy> <level> <file-path>\n\n", strFileName);
    printf("%s", DESCRIPTION);
    return;
} //end of PrintHelp()
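The Bell-LaPadula and Biba properties from the body of the article, applied to the Ewerson and Rodrigo scenarios, as an added example that is not part of the original article or of macwin. The function names are illustrative, and the Biba level assignments (resource Critical, Rodrigo Important, the malicious program running at Ordinary) are assumptions, since the article does not state them.

```c
#include <stdbool.h>
#include <stdio.h>

typedef enum { OP_READ, OP_WRITE } op_t;

/* Confidentiality levels from the article, lowest to highest. */
enum { UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET };
/* Integrity levels from the article, lowest to highest. */
enum { ORDINARY, IMPORTANT, CRITICAL };

/* a dominates b when a is at least as high as b in the hierarchy. */
static bool dominates(int a, int b) { return a >= b; }

/* Bell-LaPadula: read needs subject >= object, write needs object >= subject. */
bool blp_allows(int subject, int object, op_t op)
{
    return op == OP_READ ? dominates(subject, object)   /* simple security property */
                         : dominates(object, subject);  /* star property */
}

/* Biba: read needs object >= subject, write needs subject >= object. */
bool biba_allows(int subject, int object, op_t op)
{
    return op == OP_READ ? dominates(object, subject)   /* simple integrity property */
                         : dominates(subject, object);  /* integrity star property */
}

typedef bool (*model_fn)(int subject, int object, op_t op);

/* Second scenario: a program running at level `runner` reads `resource` and
 * copies it to `drop`. The copy needs both accesses to be permitted. */
bool copy_allowed(model_fn allows, int runner, int resource, int drop)
{
    return allows(runner, resource, OP_READ) && allows(runner, drop, OP_WRITE);
}

int main(void)
{
    /* Bell-LaPadula: Ewerson and the resource are Top Secret, Rodrigo and the
     * location he can reach are Secret. */
    printf("BLP  Rodrigo reads resource:    %d\n",
           blp_allows(SECRET, TOP_SECRET, OP_READ));
    printf("BLP  program copies to Rodrigo: %d\n",
           copy_allowed(blp_allows, TOP_SECRET, TOP_SECRET, SECRET));
    printf("BLP  program alters resource:   %d\n",
           blp_allows(TOP_SECRET, TOP_SECRET, OP_WRITE));

    /* Biba (assumed levels): resource Critical, Rodrigo Important, the
     * malicious program running as untrusted code at Ordinary. */
    printf("Biba Rodrigo reads resource:    %d\n",
           biba_allows(IMPORTANT, CRITICAL, OP_READ));
    printf("Biba program alters resource:   %d\n",
           biba_allows(ORDINARY, CRITICAL, OP_WRITE));
    return 0;
}
```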
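A portable model of the read results in the demonstration, added here as an example and not taken from macwin: it parses the label ACE string that CreateDescriptor builds and applies the label check before the DACL, as the article describes. It calls no Windows API; parse_label, read_allowed and readers are illustrative names, only read access under No-Read-Up is modelled, and the NR policy on the initial Low label is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Integrity levels in ascending order, as listed in the article. */
typedef enum { IL_UNTRUSTED, IL_LOW, IL_MEDIUM, IL_HIGH, IL_SYSTEM } il_t;
/* Mandatory policy flags: No-Write-Up, No-Read-Up, No-Execute-Up. */
enum { POL_NW = 1, POL_NR = 2, POL_NX = 4 };
typedef struct { il_t level; unsigned policy; } label_t;

/* Parse a SACL string holding one mandatory label ACE, such as
 * "S:(ML;;NR;;;ME)". Returns false on anything malformed. */
bool parse_label(const char *sddl, label_t *out)
{
    static const struct { const char *sid; il_t level; } sids[] = {
        {"LW", IL_LOW}, {"ME", IL_MEDIUM}, {"HI", IL_HIGH}, {"SI", IL_SYSTEM}};
    char rights[16], sid[8];
    int used = 0;
    unsigned policy = 0;

    /* ACE fields: type;flags;rights;object_guid;inherit_guid;sid.
     * `used` stays 0 if the closing ')' is missing. */
    if (sscanf(sddl, "S:(ML;;%15[A-Z];;;%7[A-Z])%n", rights, sid, &used) != 2 ||
        used == 0 || sddl[used] != '\0')
        return false;
    if (strlen(rights) % 2 != 0)
        return false;
    for (size_t i = 0; rights[i] != '\0'; i += 2) {  /* two-letter codes, e.g. "NRNW" */
        if (rights[i] != 'N') return false;
        switch (rights[i + 1]) {
        case 'W': policy |= POL_NW; break;
        case 'R': policy |= POL_NR; break;
        case 'X': policy |= POL_NX; break;
        default:  return false;   /* includes the unfilled 'Z' placeholder */
        }
    }
    for (size_t i = 0; i < sizeof sids / sizeof sids[0]; i++)
        if (strcmp(sid, sids[i].sid) == 0) {
            *out = (label_t){sids[i].level, policy};
            return true;
        }
    return false;
}

/* Read check in the order the article describes: label first, DACL second. */
bool read_allowed(il_t subject, const label_t *label, bool dacl_grants_read)
{
    if ((label->policy & POL_NR) && subject < label->level)
        return false;             /* denied by the label; DACL not consulted */
    return dacl_grants_read;
}

/* Who can read a file labelled `sddl` when the DACL gives all three users Full
 * Control: bit 0 userlow, bit 1 usermedium, bit 2 userhigh; -1 on a bad label. */
int readers(const char *sddl)
{
    static const il_t users[] = {IL_LOW, IL_MEDIUM, IL_HIGH};
    label_t label;
    int mask = 0;

    if (!parse_label(sddl, &label)) return -1;
    for (int i = 0; i < 3; i++)
        if (read_allowed(users[i], &label, true))
            mask |= 1 << i;
    return mask;
}

int main(void)
{
    /* Constructed labels matching the three stages of the experiment. */
    const char *labels[] = {"S:(ML;;NR;;;LW)", "S:(ML;;NR;;;ME)", "S:(ML;;NR;;;HI)"};
    for (int i = 0; i < 3; i++)
        printf("%s -> readers mask %d\n", labels[i], readers(labels[i]));
    return 0;
}
```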