6 Enhancing security with WLI
This section describes basic operations that are intended to help the reader gain familiarity with WLI. This section assumes:
•WLI is successfully initialized.
•At least one administrator key is created.
•The WLI security mode is restricted.
•Both ibac and flac security attributes are enabled.
For details on setting WLI security attributes, see wlisyspolicy(1M).
6.1 Signing an executable binary
In the following example, a user wants to sign /usr/bin/vi to make it an authorized executable. Only authorized executables can be designated to access
User procedure:
1.Create an RSA key as described in Section 3.1 (page 19).
2.Store the private and public key files in the home directory as joepriv1 and joepub1.
3.Copy the binary:
%cd /home/joe; cp /usr/bin/vi joe_vi
4.Adjust permissions:
%chmod ug+w joe_vi
5.Sign it:
%wlisign -a -k joepriv1 joe_vi
For a process executing joe_vi to be authenticated, the public key must be stored in the WLI database. Storing the public key in the database requires an administrator key.
Administrator procedure:
•Use the private key admin.pvt to authorize the user’s public key for signature verification:
% wlicert -i joe.key1 -k admin.pvt /home/joe/joepub1
The public key is now in the WLI database and available for verifying signatures in both signature and policy metadata. The joe_vi command will authenticate when it is used to open files that specify it in an IBAC policy.
6.2 Creating a FLAC policy
A user owns file /home/joe/joefile and wants to make it available to all, but protect it against modification or deletion by all other users including superuser.
User procedure:
1.Create an RSA key as described in Section 3.1 (page 19).
2.Store the private and public key files as joepriv and joepub. The user has chosen /home/ joe for key storage in the following steps.
3.Create the FLAC policy:
% wlipolicy -f -a -k /home/joe/joepriv /home/joe/joefile
6.1 Signing an executable binary | 29 |