This is the main README for LOMAC v1.1.1 for Linux.

LOMAC is an attempt to make an easily-adoptable form of MAC integrity
protection available to the Free UNIX community without the
discouraging necessity of kernel modifications.  LOMAC implements a
simple form of MAC integrity protection based on Biba's Low Water-Mark
model in a Linux Loadable Kernel Module (LKM).  Although it trades off
some of the advanced MAC features found in traditional MAC
implementations, LOMAC provides useful integrity protection without
any modifications to the kernel, applications, or their existing
configurations.  LOMAC is designed to be compatible with existing
software, and ships with a one-size-fits-all default configuration.
LOMAC may be used to harden currently-deployed Linux systems simply by
loading the LKM into the kernel shortly after boot time.

LOMAC is Free software.  The latest release is available for download
under a 3-clause BSD-style license from:

             http://opensource.nailabs.com/lomac.

More detailed information about LOMAC, its use, the protection it
provides, and its relation to other Linux MAC projects can be found in
the LOMAC Manual, included under the Doc subdirectory of this
distribution.

In addition, there are two conference papers describing LOMAC:

1. Fraser, Timothy, "LOMAC: Low Water-Mark Integrity Protection for
   COTS Environments", Proceedings of the 2000 IEEE Symposium on
   Security and Privacy, Berkeley, California, pp. 230-245, May, 2000.

   This paper describes the theoretical aspects of LOMAC, describing
   its compatibility goals and explains why the Low Water-Mark form of
   MAC is especially suitable for meeting them.

2. Fraser, Timothy, "LOMAC: MAC You Can Live With", Proceedings of the
   FREENIX Track: USENIX Annual Technical Conference, Boston,
   Massachusetts, June, 2001.

   This paper describes the implementation of the 1.1.0 version of
   LOMAC, emphasising the aspects of LOMAC's design that allow it to
   operate on unmodified Linux kernels.

Both of these papers are available for download from the LOMAC web
site at the URL shown above.

LOMAC is sufficiently robust for everyday use.  All LOMAC development
since v0.3pre5 has been done on machines running LOMAC, as has the
preparation the above conference papers, this release tarbal, and this
README file.  

Although it is sufficiently stable for everyday use, LOMAC is not
bug-free.  Some security-relevant operations are not yet controlled by
LOMAC, including reboot, mmap, and all forms of System V IPC.  Other
operations have only partial controls.  See the BUGS file for details.
As LOMAC development continues, we expect to address these problems.
Nevertheless, we believe that LOMAC presently provides sufficient
protection to defend against relatively unskilled attackers who are
not capable of adapting their methods to bypass LOMAC.

This version of LOMAC supports only single-CPU systems running Linux
2.2 kernels.  It has been tested on Linux 2.2.5, 2.2.12, 2.2.17 and
2.2.19.

Changes in LOMAC v1.1.1 since the last release (v1.1.0):

o Changed the LKM's license from GPL to a 3-clause BSD-style license
  in order to support the upcoming FreeBSD port.  For a discussion of
  this issue, consult the lomac-users mailing list archive for 9 July
  2001.  Some of the Perl utility scripts presently remain under the GPL.
o Changed the notion of "subject" to a process, instead of a process
  group.  This means that LOMAC now demotes individual processes
  within a process group independently.  Although this change has
  little effect on LOMAC's protection, it should be more efficient
  and cause less compatibility problems due to process demotions
  during boot and initialization.
o Reorganized the source tree to support builds with different kernel
  interfaces.  The Linux2.2 interface is still the only one supported
  by this distribution, but ports for Linux-2.4, Linux/RSBAC,
  Linux/LSM, and FreeBSD are all underway.
o Added controls on the LKM loading and unloading system calls to 
  prevent remote agents from using them to install LKM-based rootkits.
o Added rule to PLM to put /var/lib/pcmcia into the high-level part
  of the system, to keep pcmcia card management programs happy.

With this release, the official distribution site for LOMAC is now
http://opensource.tislabs.com/lomac.  The old ftp site will be
maintained in parallel with the new web site for this release, but may
be discontinued in the future.

Some important bugs found in the v1.1.0 release remain in the v1.1.1
release - most importantly the chroot() bug.  This bug lies in code
that may be obsoleted by the Linux 2.4 port, so I'm holding off on the
fix until that port is farther along.

This directory contains the source for the LOMAC LKM and the utility
scripts needed to load and interact with it.  The contents of the
subdirectories is as follows:

LKM     - the source for the LOMAC LKM.
Scripts - scripts for loading LOMAC during run-time.
Utils   - the source for some utility programs.
Test    - scripts and programs specifically for testing.

