From owner-p4-projects@FreeBSD.ORG Thu Feb 23 19:33:35 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 503FA16A423; Thu, 23 Feb 2006 19:33:35 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F376516A420 for ; Thu, 23 Feb 2006 19:33:34 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id EEAFB43D5E for ; Thu, 23 Feb 2006 19:33:33 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k1NJXXA9015798 for ; Thu, 23 Feb 2006 19:33:33 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k1NJXXJx015792 for perforce@freebsd.org; Thu, 23 Feb 2006 19:33:33 GMT (envelope-from millert@freebsd.org) Date: Thu, 23 Feb 2006 19:33:33 GMT Message-Id: <200602231933.k1NJXXJx015792@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 92288 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 19:33:36 -0000 http://perforce.freebsd.org/chv.cgi?CH=92288 Change 92288 by millert@millert_g4tower on 2006/02/23 19:33:16 Update errata list Affected files ... .. //depot/projects/trustedbsd/sedarwin7/ERRATA#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/ERRATA#3 (text+ko) ==== @@ -1,8 +1,8 @@ -Port of TrustedBSD MAC Framework to Darwin 10.3.3 +Port of TrustedBSD MAC Framework to Darwin 10.3.8 -McAfee Research -15204 Omega Drive, Suite 300 -Rockville, MD 20850 +SPARTA, Inc. +7075 Samuel Morse Drive +Columbia, MD 21046-3401 The following known issues are present in this release: @@ -28,15 +28,24 @@ provides /dev/fd entries on darwin instead of implementing this within devfs. - 66: Panic with a zalloc: the ipctrace seems to be leaking memory with - port labels and the system will panic after a running for a while. - 76: If a filesystem makes symbolic links from a partition that is using extended attributes into a file system that is not using extended attributes, the system will eventually deadlock. + 89: SEDarwin policy rejecting access to /dev/null when it should + not. Is the general_file_write_access macro not being applied + to users? + 91: Users who create and attach new disk images cannot then access them. + 93: After reboot, the first time a user logs in, after entering correct + user name and password an alert pops up that says: + You cannot continue logging in at this time. There is a + problem that prevents you from logging in at this time. + Please contact your system administrator for help. + After clicking OK the MAC login plug-in box comes up and the + user may login normally. + 98: HFS+ ignores mac_associate_vnode_extattr() failure. HFS+ currently ignores failures in mac_associate_vnode_extattr(), so a failure to load critical extended attributes by a policy might @@ -72,7 +81,16 @@ VOP_IOCTL vector. A MAC Framework access control check needs to be inserted here. -147: Panic with a bad v_usecount for a vnode during vnreclaim(). This - occurs under a heavy load of combined auditing and file - operations. The stack trace always reflects a problem in the - lstat() system call. It's possible that this is a vendor defect. +238: Currently the port label of a label handle is unused. This + could (and probably should) be used to implement access control + (label visibility). The port label would start out with the + same value as the object label but we should provide methods + to get/set this label. Security server methods that return a + label handle or text label can use the port label for access + control. + +239: The SLOT() macro may return NULL in the SEDarwin policy. This + causes a panic in sebsd_externalize_cred_label() when the port + that holds the label has already been destroyed. There appears + to be a missing lock or out of order operation since we should + not be trying to externalized a dead port.