Date: Mon, 28 Jan 2008 10:20:18 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/security/mac_mls mac_mls.c Message-ID: <200801281020.m0SAKK7k051336@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2008-01-28 10:20:18 UTC
FreeBSD src repository
Modified files:
sys/security/mac_mls mac_mls.c
Log:
Properly return the error from mls_subject_privileged() in the ifnet
relabel check for MLS rather than returning 0 directly.
This problem didn't result in a vulnerability currently as the central
implementation of ifnet relabeling also checks for UNIX privilege, and
we currently don't guarantee containment for the root user in mac_mls,
but we should be using the MLS definition of privilege as well as the
UNIX definition in anticipation of supporting root containment at some
point.
MFC after: 3 days
Submitted by: Zhouyi Zhou <zhouzhouyi at gmail dot com>
Sponsored by: Google SoC 2007
Revision Changes Path
1.99 +1 -3 src/sys/security/mac_mls/mac_mls.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801281020.m0SAKK7k051336>