From owner-freebsd-security@FreeBSD.ORG Sat Apr 28 21:24:14 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 86F7A106572F for ; Sat, 28 Apr 2012 21:24:14 +0000 (UTC) (envelope-from krichy@tvnetwork.hu) Received: from krichy.tvnetwork.hu (unknown [IPv6:2a01:be00:0:2::10]) by mx1.freebsd.org (Postfix) with ESMTP id 1904F8FC16 for ; Sat, 28 Apr 2012 21:24:13 +0000 (UTC) Received: by krichy.tvnetwork.hu (Postfix, from userid 1000) id 203C820FE7; Sat, 28 Apr 2012 23:24:06 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by krichy.tvnetwork.hu (Postfix) with ESMTP id 163FB2025A for ; Sat, 28 Apr 2012 23:24:06 +0200 (CEST) Date: Sat, 28 Apr 2012 23:24:06 +0200 (CEST) From: Richard Kojedzinszky To: freebsd-security@freebsd.org Message-ID: User-Agent: Alpine 2.02 (DEB 1266 2009-07-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII Subject: mac_mls X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Apr 2012 21:24:14 -0000 Dear fbsd team, I am using 9.0, and found that running atop, and exiting from it when the kernel is compiled with MAC_MLS (or the module is loaded), then a panic raises, I think the following patch could fix it (as in mac_biba); --- sys/security/mac_mls/mac_mls.c.orig 2012-04-28 23:19:45.000000000 +0200 +++ sys/security/mac_mls/mac_mls.c 2012-04-28 23:20:13.000000000 +0200 @@ -2028,6 +2028,9 @@ if (!mls_enabled) return (0); + if (vplabel == NULL) + return (0); + subj = SLOT(cred->cr_label); obj = SLOT(vplabel); Regards, Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt.