Date: Mon, 1 Dec 2003 11:58:44 -0800 (PST) From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 43239 for review Message-ID: <200312011958.hB1JwiKs057854@repoman.freebsd.org>
index | next in thread | raw e-mail
http://perforce.freebsd.org/chv.cgi?CH=43239 Change 43239 by areisse@areisse_ibook on 2003/12/01 11:58:06 make sebsd_enabled() library call actually check. Affected files ... .. //depot/projects/trustedbsd/sedarwin/libsebsd/system.c#2 edit .. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#5 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin/libsebsd/system.c#2 (text+ko) ==== @@ -42,10 +42,19 @@ int sebsd_enabled() { - int error, i; - error = sysctlbyname ("security.mac.sebsd.enforcing", - &i, sizeof(int), NULL, 0); - return (error != ENOENT); + int args[2]; + int i; + size_t mibn = sizeof(int) * 64; + int mibs[64]; + + args[0] = 0; + args[1] = 3; + + const char *name = "security.mac.sebsd.enforcing"; + i = sysctl (args, 2, mibs, &mibn, name, strlen(name)); + if (i < 0) + return 0; + return 1; } int ==== //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#5 (text+ko) ==== @@ -49,6 +49,9 @@ */ int setuid (uid_t uid) { + if (!sebsd_enabled()) + return syscall (23, uid); + mac_t execlabel = NULL; /* label to transition to in exec */ openlog ("wslogin", LOG_ODELAY, LOG_AUTH); @@ -73,7 +76,6 @@ return 0; } - if (sebsd_enabled()) { char *labeltext, *queried, **contexts; size_t ncontexts;help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312011958.hB1JwiKs057854>