Date: Sat, 1 Mar 2008 11:55:12 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/security/mac_mls mac_mls.c Message-ID: <200803011155.m21BtCR7007146@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2008-03-01 11:55:12 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_7)
sys/security/mac_mls mac_mls.c
Log:
Merge mac_mls.c:1.99 from HEAD to RELENG_7:
Properly return the error from mls_subject_privileged() in the ifnet
relabel check for MLS rather than returning 0 directly.
This problem didn't result in a vulnerability currently as the central
implementation of ifnet relabeling also checks for UNIX privilege, and
we currently don't guarantee containment for the root user in mac_mls,
but we should be using the MLS definition of privilege as well as the
UNIX definition in anticipation of supporting root containment at some
point.
Submitted by: Zhouyi Zhou <zhouzhouyi at gmail dot com>
Sponsored by: Google SoC 2007
Revision Changes Path
1.88.2.2 +1 -3 src/sys/security/mac_mls/mac_mls.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803011155.m21BtCR7007146>