Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 22 Jun 2003 18:26:34 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/sys mac_policy.h src/sys/kern kern_mac.c src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_partition ...
Message-ID:  <200306230126.h5N1QY5F052871@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
rwatson     2003/06/22 18:26:34 PDT

  FreeBSD src repository

  Modified files:
    sys/sys              mac_policy.h 
    sys/kern             kern_mac.c 
    sys/security/mac_biba mac_biba.c 
    sys/security/mac_lomac mac_lomac.c 
    sys/security/mac_mls mac_mls.c 
    sys/security/mac_none mac_none.c 
    sys/security/mac_partition mac_partition.c 
    sys/security/mac_test mac_test.c 
  Log:
  Redesign the externalization APIs from the MAC Framework to
  the MAC policy modules to improve robustness against C string
  bugs and vulnerabilities.  Following these revisions, all
  string construction of labels for export to userspace (or
  elsewhere) is performed using the sbuf API, which prevents
  the consumer from having to perform laborious and intricate
  pointer and buffer checks.  This substantially simplifies
  the externalization logic, both at the MAC Framework level,
  and in individual policies; this becomes especially useful
  when policies export more complex label data, such as with
  compartments in Biba and MLS.
  
  Bundled in here are some other minor fixes associated with
  externalization: including avoiding malloc while holding the
  process mutex in mac_lomac, and hence avoid a failure mode
  when printing labels during a downgrade operation due to
  the removal of the M_NOWAIT case.
  
  This has been running in the MAC development tree for about
  three weeks without problems.
  
  Obtained from:  TrustedBSD Project
  Sponsored by: DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.93      +20 -40    src/sys/kern/kern_mac.c
  1.62      +14 -26    src/sys/security/mac_biba/mac_biba.c
  1.15      +66 -105   src/sys/security/mac_lomac/mac_lomac.c
  1.50      +14 -26    src/sys/security/mac_mls/mac_mls.c
  1.29      +1 -1      src/sys/security/mac_none/mac_none.c
  1.7       +7 -3      src/sys/security/mac_partition/mac_partition.c
  1.28      +1 -1      src/sys/security/mac_test/mac_test.c
  1.41      +7 -12     src/sys/sys/mac_policy.h



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200306230126.h5N1QY5F052871>