Installing Stephanie
--------------------

Some things have changed in this version; hopefully it is a little easier
to install now.

First off, you'll need the following sources:

src/gnu/usr.bin/ld
src/lib/libc/stdio

plus of course the kernel source (should be in /usr/src/sys/)

I'm going to assume:

1: you have the above sources in /usr/src
2: you have a previously configured kernel (using GENERIC is fine)

If you don't have either of these, check the FAQ at www.openbsd.org for
instructions.

OK, extract the source and apply the kernel patch:

# tar -xvzf stephanie-3.0.tar.gz
# cp stephanie-3.0/stephanie-3.0.patch /usr/src
# cd /usr/src
# patch -p0 < stephanie-3.0.patch

Copy over some files:

# cd stephanie-3.0
# make includes
# make syscall
# make headers

Reconfigure your kernel:

# cd /usr/src/sys/arch/<your arch>/conf
# config YOURKERNEL

Remake the dependencies and rebuild the kernel:

# cd /usr/src/sys/arch/<your arch>/compile/YOURKERNEL
# make depend ; make clean ; make
# cp /bsd /bsd.old ; cp -f bsd /
# reboot

Hopefully everything worked; the new kernel should announce itself in dmesg:

# dmesg | grep list
Trusted patch execution list initialized
tpe: UID 0 added to trust list
#

OK! Now you need to patch ld.so and libkvm:

# cp lib/ld.diff /usr/src
# patch -p0 < ld.diff

Now, rebuild your ld.so:

# cd /usr/src/gnu/usr.bin/ld/rtld
# make ; make install

Now, if you want to restrict reads on stdin for untrusted users, go through
and set the immutable flag on any interpreters. This applies a trusted path
restriction to things like shell scripts.

# chflags schg /bin/sh
# chflags schg /bin/csh
# chflags schg /bin/ksh
# chflags schg /bin/rksh
# chflags schg /usr/bin/perl
# chflags schg /usr/bin/awk

And any others you have. 
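As an added check (this is not part of the Stephanie distribution), the following script reports which interpreters are still missing the schg flag, so the step above can be verified after an upgrade has replaced a binary. It relies on OpenBSD's "ls -lo", whose fifth column is the file flags column ("-" when none are set); nothing else about the system is assumed. Keep in mind that schg can only be cleared again at securelevel 0, so plan binary upgrades accordingly.

```shell
#!/bin/sh
# Added example, not Stephanie's own code: find interpreters that are not
# marked immutable. Assumes OpenBSD "ls -lo" output, where the fifth
# column holds the file flags ("-" if none).

# interpreters_not_immutable
# Reads "ls -lo" lines on stdin and prints the path of every entry whose
# flags column does not contain schg. Paths containing spaces are not
# handled (the path is taken as the last field), which is fine for the
# interpreters listed in this document.
interpreters_not_immutable() {
    awk '$5 !~ /(^|,)schg(,|$)/ { print $NF }'
}

# check_interpreters PATH...
# Prints every given interpreter that lacks schg and returns 1 if any
# was found, so it can be used from a nightly cron job.
check_interpreters() {
    missing=$(ls -lo "$@" 2>/dev/null | interpreters_not_immutable)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Demo on constructed "ls -lo" lines (not taken from a real system):
# only /bin/csh should be reported.
printf '%s\n' \
    '-r-xr-xr-x  1 root  bin  schg  321532 Oct  3  2001 /bin/sh' \
    '-r-xr-xr-x  1 root  bin  -     301000 Oct  3  2001 /bin/csh' \
  | interpreters_not_immutable

# On the patched system, check the interpreters from this document:
# check_interpreters /bin/sh /bin/csh /bin/ksh /bin/rksh /usr/bin/perl /usr/bin/awk
```

Run the commented-out check_interpreters line on the real system; an empty result and exit status 0 means every interpreter listed is immutable.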

Finally, build and install the utility program:

# cd misc
# make ; make install

OK! Now you can test it out:

First, check the trusted user list:

# tpe_adm -s
trusted users: root
#

As an untrusted user:

$ cat > foo.c << EOF ; gcc foo.c
int main(void){ printf("Hello world\n"); }
EOF
$ ./a.out
./a.out: Permission denied

neat.

Now as root, check the status of ld environment stripping:

# tpe_adm -ls
ld.so environment protection is currently on
# 

Test it out as an untrusted user (assuming bash):

$ export LD_PRELOAD=test.o
$ file a.out
Your environment contains possibly malicious variables, stripping for the
execution of this program
a.out: OpenBSD/i386 demand paged dynamically linked executable not stripped
$

Turn ld protection off:

# tpe_adm -ld
ld.so environment protection disabled
#

$ file a.out
/usr/libexec/ld.so: preload: test.o: cannot map object
$

Now add a user to the trusted list:

# tpe_adm -a doe
UID 1000 added to trust list
#

Play with the system utilities, they should work now.

Try running the sample program:

$ ./a.out
hello world!
$

Use LD_PRELOAD and LD_LIBRARY_PATH with gay abandon

As root, take away the trust status:

# tpe_adm -d doe
UID 1000 removed from trust list
#

Make a joke playing on 'abandon' and 'gay'.

Anyway, try out the symlink restrictions:

$ cd /tmp
$ ln -s /etc/master.passwd hi

# cat /tmp/hi
cat: /tmp/hi: Permission denied
#

That's it! You're done. Add any trusted users (anyone in group wheel would be
a good start). The trust list does not survive a reboot, so users have to be
added again after every reboot; something like the following could be added
to /etc/rc.local:

if [ -x /usr/local/sbin/tpe_adm ]; then
	/usr/local/sbin/tpe_adm -a doe
fi

NOTE TO QMAIL USERS:
You may find that you need to explicitly add the qmailq UID to the trust
list. Do this in an rc startup script that runs before the qmail daemons
start.
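The rc.local fragment above adds one fixed user. As an added example, not part of the Stephanie distribution, the script below rebuilds the trust list at boot from the members of a group (wheel, as suggested above) plus any explicitly named accounts such as qmailq from the note above. It assumes tpe_adm is installed at /usr/local/sbin/tpe_adm and takes "-a <user>" as shown in this document; the optional group-file argument exists only so the parsing can be tried against a constructed file rather than the real /etc/group.

```shell
#!/bin/sh
# Added example, not Stephanie's own code: rebuild the trust list at boot.
# Assumes /usr/local/sbin/tpe_adm with the "-a <user>" usage shown above.

TPE_ADM=${TPE_ADM:-/usr/local/sbin/tpe_adm}

# group_members NAME [FILE]
# Print the members listed in the fourth field of the group file entry
# for NAME (e.g. "wheel:*:0:root,doe"), one per line. Prints nothing for
# a group with no listed members. FILE defaults to /etc/group.
group_members() {
    awk -F: -v g="$1" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "${2:-/etc/group}"
}

# trust_users USER...
# Add each named user to the kernel trust list. Returns 1 without doing
# anything if tpe_adm is not installed (e.g. booted an unpatched kernel),
# so the rest of rc.local still runs.
trust_users() {
    [ -x "$TPE_ADM" ] || return 1
    for u in "$@"; do
        "$TPE_ADM" -a "$u"
    done
}

# trust_group NAME [FILE]
# Add every listed member of group NAME to the trust list.
trust_group() {
    [ -x "$TPE_ADM" ] || return 1
    group_members "$1" "$2" | while read -r u; do
        "$TPE_ADM" -a "$u"
    done
}

# Demo on a constructed group file (not your real /etc/group): prints
# root and doe.
SAMPLE=$(mktemp)
printf '%s\n' 'wheel:*:0:root,doe' 'users:*:10:' > "$SAMPLE"
group_members wheel "$SAMPLE"
rm -f "$SAMPLE"

# Typical rc.local use on the patched system:
#   trust_group wheel
#   trust_users qmailq     # qmail: must run before the qmail daemons start
```

Note that group_members only reads the explicit member list of the group entry; users whose primary group in /etc/passwd is wheel but who are not listed in /etc/group are not picked up, so list them with trust_users.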

Send any feedback, bugs, comments, etc to doe@fuxya.org
