Date: Thu, 31 Jul 2003 10:48:32 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 35273 for review Message-ID: <200307311748.h6VHmW1g087904@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=35273 Change 35273 by rwatson@rwatson_tislabs on 2003/07/31 10:48:05 The MAC Framework does a suser check for interface relabeling already, so simply do a Biba privilege check to determine whether an interface relabel request is permitted. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#217 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#217 (text+ko) ==== @@ -1550,25 +1550,6 @@ if (error) return (error); - /* - * If the Biba label is to be changed, authorize as appropriate. - */ - if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { - /* - * Rely on the traditional superuser status for the Biba - * interface relabel requirements. XXXMAC: This will go - * away. - */ - error = suser_cred(cred, 0); - if (error) - return (EPERM); - - /* - * XXXMAC: Additional consistency tests regarding the single - * and the range of the new label might be performed here. - */ - } - return (0); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307311748.h6VHmW1g087904>