Date: Sat, 1 Mar 2008 11:55:12 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/security/mac_mls mac_mls.c Message-ID: <200803011155.m21BtCR7007146@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2008-03-01 11:55:12 UTC FreeBSD src repository Modified files: (Branch: RELENG_7) sys/security/mac_mls mac_mls.c Log: Merge mac_mls.c:1.99 from HEAD to RELENG_7: Properly return the error from mls_subject_privileged() in the ifnet relabel check for MLS rather than returning 0 directly. This problem didn't result in a vulnerability currently as the central implementation of ifnet relabeling also checks for UNIX privilege, and we currently don't guarantee containment for the root user in mac_mls, but we should be using the MLS definition of privilege as well as the UNIX definition in anticipation of supporting root containment at some point. Submitted by: Zhouyi Zhou <zhouzhouyi at gmail dot com> Sponsored by: Google SoC 2007 Revision Changes Path 1.88.2.2 +1 -3 src/sys/security/mac_mls/mac_mls.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803011155.m21BtCR7007146>