Date: Mon, 8 Apr 2013 04:00:00 GMT
From: Kevin Barry <ta0kira@gmail.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/177698: [patch] sshd sets the user's MAC label at the same time it attempts to set the login class, which can cause the latter to fail if mac_biba is used.
Message-ID: <201304080400.r384007Z076011@freefall.freebsd.org>

The following reply was made to PR bin/177698; it has been noted by GNATS.

From: Kevin Barry <ta0kira@gmail.com>
To: bug-followup@FreeBSD.org, ta0kira@gmail.com
Cc:
Subject: Re: bin/177698: [patch] sshd sets the user's MAC label at the same time it attempts to set the login class, which can cause the latter to fail if mac_biba is used.
Date: Sun, 7 Apr 2013 23:50:35 -0400

I submitted this bug report earlier, and since then I've noticed that /usr/bin/login suffers from the same problem. I've therefore made a change to libutil to make setusercontext set the MAC label right before the uid change. I've attached a separate patch that should universally fix the problem. This also makes my previous sshd patch obsolete. Incidentally, this should be reclassified as a bug in libutil.

Attachment: login_class.c.txt (text/plain, base64-encoded)