Date: Mon, 8 Apr 2002 14:24:10 -0700 (PDT)
Message-Id: <200204082124.g38LOAA49098@freefall.freebsd.org>
From: Adam Migus
Subject: PERFORCE change 9392 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=9392

Change 9392 by amigus@amigus_ganymede on 2002/04/08 14:24:07

Changed sysctl/tunable security.mac.biba.trusted_interface to security.mac.biba.trusted_interfaces. It now takes a comma separated list of interfaces to consider trusted.

Affected files ...

... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#26 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#26 (text+ko) ====
@@ -83,12 +83,12 @@ TUNABLE_INT("security.mac.biba.trust_all_interfaces", &mac_biba_trust_all_interfaces); -static char mac_biba_trusted_interface[128] = ""; -SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interface, CTLFLAG_RD, - mac_biba_trusted_interface, sizeof(mac_biba_trusted_interface), - "'trusted' network interface at system boot"); -TUNABLE_STR("security.mac.biba.trusted_interface", - mac_biba_trusted_interface, sizeof(mac_biba_trusted_interface)); +static char mac_biba_trusted_interfaces[128] = ""; +SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, + mac_biba_trusted_interfaces, sizeof(mac_biba_trusted_interfaces), + "'trusted' network interfaces at system boot"); +TUNABLE_STR("security.mac.biba.trusted_interfaces", + mac_biba_trusted_interfaces, sizeof(mac_biba_trusted_interfaces)); static int mac_biba_element_dominate(struct mac_biba_element *labela, 
@@ -449,12 +449,46 @@ static void mac_biba_create_ifnet(struct ifnet *ifnet) { - int interface_label_type, trusted_interface; - char ifr_name[IFNAMSIZ]; + int interface_label_type, trusted_interface = 0; + char ifr_name[IFNAMSIZ], tifr_name[IFNAMSIZ]; + char *p0 = NULL, *p1 = NULL, *end = NULL; + int len = 0; snprintf(ifr_name, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit); - trusted_interface = !strncmp(mac_biba_trusted_interface, ifr_name, - IFNAMSIZ); + + p0 = mac_biba_trusted_interfaces; + end = p0 + strlen(mac_biba_trusted_interfaces); + + do { + if ((p1 = index(p0, ',')) != NULL) + len = p1 - p0; + else + len = strlen(p0); + + if (len > IFNAMSIZ) { + if (p1) + *p1 = '\0'; + printf("%s: name exceeds maximum length\n", p0); + if (p1) + *p1 = ','; + } else if (len == 0) + break; + + strncpy(tifr_name, p0, len); + if (!strncmp(tifr_name, ifr_name, len) && + len == strlen(ifr_name)) { + trusted_interface = 1; + break; + } + + if (p1 == NULL) + break; + + do { + p0 = ++p1; + } while (*p1 == ' ' || *p1 == '\t'); + } while (p0 < end); + if (trusted_interface) { printf("%s: initialized as trusted interface\n", ifr_name); interface_label_type = MAC_BIBA_TYPE_HIGH; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
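
Review bot: In the first hunk (@@ -83,12 +83,12 @@), `mac_biba_trusted_interfaces` keeps the 128-byte size of the old single-name buffer although it now holds a comma-separated list. If a longer value is cut off at `sizeof(mac_biba_trusted_interfaces)`, the final entry can be shortened to a prefix that names a different interface (a list ending in "fxp10" cut to "fxp1"), and the parser in the second hunk would then label that interface `MAC_BIBA_TYPE_HIGH`. Consider sizing the buffer for the number of entries you intend to support and stating the limit in the sysctl description string. The old name `security.mac.biba.trusted_interface` is also removed outright, so an existing setting under that name is ignored without any message; that deserves a line in the change description or the documentation.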
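
Review bot: In the second hunk (@@ -449,12 +449,46 @@), the `len > IFNAMSIZ` branch only prints "name exceeds maximum length" and then falls through to `strncpy(tifr_name, p0, len)`, which writes past the end of `tifr_name[IFNAMSIZ]` on the kernel stack. The over-long entry needs to be skipped before the copy, for example by jumping to the `if (p1 == NULL) break;` advance step. Since `ifr_name` is built with `snprintf(ifr_name, IFNAMSIZ, ...)` it is at most IFNAMSIZ - 1 characters, so the test can be `len >= IFNAMSIZ`. The copy is not needed at all: `strncmp(p0, ifr_name, len)` together with the existing `len == strlen(ifr_name)` check gives the same result without a second buffer, and it avoids relying on `tifr_name`, which `strncpy` leaves without a terminating NUL. Two smaller points: the warning path temporarily writes '\0' into the shared `mac_biba_trusted_interfaces` string, which printing with "%.*s" and `len` would avoid, and whitespace is skipped only after a comma, so an entry such as "fxp0 ,fxp1" never matches `fxp0`; either trim trailing whitespace or document the accepted format.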