Date:      Tue, 5 Nov 2002 10:31:11 -0800 (PST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 20710 for review
Message-ID:  <200211051831.gA5IVBVD049039@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=20710

Change 20710 by rwatson@rwatson_tislabs on 2002/11/05 10:30:43

	Disallow changing Biba label elements via mac_exec(), since we
	currently don't have the machinery in place for that in Biba.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#181 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#181 (text+ko) ====

@@ -2047,7 +2047,20 @@
     struct label *label, struct image_params *imgp,
     struct label *execlabel)
 {
-	struct mac_biba *subj, *obj;
+	struct mac_biba *subj, *obj, *exec;
+	int error;
+
+	if (execlabel != NULL) {
+		/*
+		 * We currently don't permit labels to be changed at
+		 * exec-time as part of Biba, so disallow non-NULL
+		 * Biba label elements in the execlabel.
+		 */
+		exec = SLOT(execlabel);
+		error = biba_atmostflags(exec, 0);
+		if (error)
+			return (error);
+	}
 
 	if (!mac_biba_enabled)
 		return (0);
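
Review bot: the new execlabel check sits above the "if (!mac_biba_enabled) return (0);" test, so when the policy is disabled a non-NULL Biba element in the execlabel still makes this function return the error from biba_atmostflags(exec, 0) instead of 0. If rejecting the label regardless of the enabled state is intended, say so in the comment; otherwise move the block below the enabled check. The comment would also be clearer if it stated what passing 0 to biba_atmostflags() means, since that is not evident from this hunk.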
