Date:      Mon, 16 Dec 2019 20:22:38 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 109105] security.mac.bsdextended.firstmatch_enabled is not enabled
Message-ID:  <bug-109105-227-gPIOcxislq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-109105-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-109105-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=109105

Oleksandr Tymoshenko <gonzo@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |doc@FreeBSD.org
          Component|Documentation               |Manual Pages
           Assignee|doc@FreeBSD.org             |bugs@FreeBSD.org

sigsys@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sigsys@gmail.com

--- Comment #4 from sigsys@gmail.com ---
I was looking into ugidfw when I found this issue as well.

firstmatch_enabled isn't being initialized properly.


Index: sys/security/mac_bsdextended/mac_bsdextended.c
===================================================================
--- sys/security/mac_bsdextended/mac_bsdextended.c      (revision 355771)
+++ sys/security/mac_bsdextended/mac_bsdextended.c      (working copy)
@@ -108,9 +108,9 @@
  * between the new mode (first rule matches) and the old functionality (all
  * rules match).
  */
-static int ugidfw_firstmatch_enabled;
+static int ugidfw_firstmatch_enabled =3D 1;
 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, firstmatch_enabled,
-    CTLFLAG_RW, &ugidfw_firstmatch_enabled, 1,
+    CTLFLAG_RW, &ugidfw_firstmatch_enabled, 0,
     "Disable/enable match first rule functionality");

 static int
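
Review bot: The new initializer on `ugidfw_firstmatch_enabled` flips the effective default from all-rules-match to first-match, and nothing in this hunk documents that. Rule sets written and tested under the old evaluation order will be evaluated differently after an upgrade with no configuration change, which for an access-control policy can silently widen or narrow what is permitted. Please extend the comment above the variable to state the default, put the default in the sysctl description string (for example "Enable first-match rule evaluation (default 1)"), and update the manual page that describes this sysctl in the same change. Changing the SYSCTL_INT value argument from 1 to 0 looks right, since that argument is not used as an initial value when a variable pointer is supplied, but a short line in the commit message saying so would explain why the original code never took effect.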


At this point you've got to wonder if keeping the old behavior would be better
though.
