Date: Thu, 21 Aug 2014 23:08:43 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 177698] [libutil] [patch] sshd sets the user's MAC label at the same time it attempts to set the login class, which can cause the latter to fail if mac_biba is used. Message-ID: <bug-177698-8-Yy3vojpOJC@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-177698-8@https.bugs.freebsd.org/bugzilla/> References: <bug-177698-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=177698 --- Comment #2 from ta0kira@gmail.com --- (The following comment did not carry over when the bug report was migrated to the new system.) From: Kevin Barry <ta0kira@gmail.com> [submitter] To: bug-followup@FreeBSD.org, ta0kira@gmail.com Date: Fri, 12 Apr 2013 15:20:10 -0400 Here's a new patch for login_class.c. As far as I can tell there is no reason to require that a passwd entry be specified in order to set the MAC label; therefore, I removed that requirement. Additionally, the current implementation silently fails to set the MAC label when the pwd argument is NULL, and silent failure when it comes to security isn't a good thing. While not directly related to the original problem, it's related to the underlying issue, which is that the handling of MAC labels in setusercontext has several bugs in need of fixing. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-177698-8-Yy3vojpOJC>