Date: Thu, 13 Feb 2025 10:20:52 GMT From: Zhenlei Huang <zlei@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 04f360b78220 - stable/14 - MAC: mac_biba, mac_lomac: Fix setting loader tunables Message-ID: <202502131020.51DAKq9D025630@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=04f360b782205c799b9302ba8bd810f7a303017f commit 04f360b782205c799b9302ba8bd810f7a303017f Author: Zhenlei Huang <zlei@FreeBSD.org> AuthorDate: 2025-02-09 15:53:29 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2025-02-13 10:19:56 +0000 MAC: mac_biba, mac_lomac: Fix setting loader tunables A string loader tunable requires setting the len parameter to a nonzero value, typically the size of the string, to have the flag CTLFLAG_TUN work correctly [1] [2]. Without this fix security.mac.{biba,lomac}.trusted_interfaces would have no effect at all. [1] 3da1cf1e88f8 Extend the meaning of the CTLFLAG_TUN flag to automatically ... [2] 6a3287f889b0 Fix regression issue after r267961. Handle special string case ... Reviewed by: olce, kib Fixes: af3b2549c4ba Pull in r267961 and r267973 again ... MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D48898 (cherry picked from commit 7d4c0fac8c7db9c5741ba98a8b3ce3c43feb1cf4) --- sys/security/mac_biba/mac_biba.c | 3 ++- sys/security/mac_lomac/mac_lomac.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index e991e05311df..aac7a0545ab8 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -110,7 +110,8 @@ SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RDTUN, static char trusted_interfaces[128]; SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RDTUN, - trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); + trusted_interfaces, sizeof(trusted_interfaces), + "Interfaces considered 'trusted' by MAC/Biba"); static int max_compartments = MAC_BIBA_MAX_COMPARTMENTS; SYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD, diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 23acc7b7a592..23a996469bc0 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -111,7 +111,8 @@ SYSCTL_INT(_security_mac_lomac, OID_AUTO, trust_all_interfaces, CTLFLAG_RDTUN, static char trusted_interfaces[128]; SYSCTL_STRING(_security_mac_lomac, OID_AUTO, trusted_interfaces, CTLFLAG_RDTUN, - trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/LOMAC"); + trusted_interfaces, sizeof(trusted_interfaces), + "Interfaces considered 'trusted' by MAC/LOMAC"); static int ptys_equal = 0; SYSCTL_INT(_security_mac_lomac, OID_AUTO, ptys_equal, CTLFLAG_RWTUN,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202502131020.51DAKq9D025630>