cvs commit: src/sys/security/mac_mls mac_mls.c
Robert Watson
rwatson at FreeBSD.org
Mon Jan 28 02:20:20 PST 2008
rwatson 2008-01-28 10:20:18 UTC
FreeBSD src repository
Modified files:
sys/security/mac_mls mac_mls.c
Log:
Properly return the error from mls_subject_privileged() in the ifnet
relabel check for MLS rather than returning 0 directly.
This problem didn't result in a vulnerability currently as the central
implementation of ifnet relabeling also checks for UNIX privilege, and
we currently don't guarantee containment for the root user in mac_mls,
but we should be using the MLS definition of privilege as well as the
UNIX definition in anticipation of supporting root containment at some
point.
MFC after: 3 days
Submitted by: Zhouyi Zhou <zhouzhouyi at gmail dot com>
Sponsored by: Google SoC 2007
Revision Changes Path
1.99 +1 -3 src/sys/security/mac_mls/mac_mls.c
More information about the cvs-src
mailing list