Date: Mon, 28 Jan 2008 10:20:18 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/security/mac_mls mac_mls.c Message-ID: <200801281020.m0SAKK7k051336@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2008-01-28 10:20:18 UTC FreeBSD src repository Modified files: sys/security/mac_mls mac_mls.c Log: Properly return the error from mls_subject_privileged() in the ifnet relabel check for MLS rather than returning 0 directly. This problem didn't result in a vulnerability currently as the central implementation of ifnet relabeling also checks for UNIX privilege, and we currently don't guarantee containment for the root user in mac_mls, but we should be using the MLS definition of privilege as well as the UNIX definition in anticipation of supporting root containment at some point. MFC after: 3 days Submitted by: Zhouyi Zhou <zhouzhouyi at gmail dot com> Sponsored by: Google SoC 2007 Revision Changes Path 1.99 +1 -3 src/sys/security/mac_mls/mac_mls.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801281020.m0SAKK7k051336>