[Bug 109105] security.mac.bsdextended.firstmatch_enabled is not enabled

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=109105

Oleksandr Tymoshenko <gonzo at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |doc at FreeBSD.org
          Component|Documentation               |Manual Pages
           Assignee|doc at FreeBSD.org             |bugs at FreeBSD.org

sigsys at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sigsys at gmail.com

--- Comment #4 from sigsys at gmail.com ---
I was looking into ugidfw when I found this issue as well.

firstmatch_enabled isn't being initialized properly.


Index: sys/security/mac_bsdextended/mac_bsdextended.c
===================================================================
--- sys/security/mac_bsdextended/mac_bsdextended.c      (revision 355771)
+++ sys/security/mac_bsdextended/mac_bsdextended.c      (working copy)
@@ -108,9 +108,9 @@
  * between the new mode (first rule matches) and the old functionality (all
  * rules match).
  */
-static int ugidfw_firstmatch_enabled;
+static int ugidfw_firstmatch_enabled = 1;
 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, firstmatch_enabled,
-    CTLFLAG_RW, &ugidfw_firstmatch_enabled, 1,
+    CTLFLAG_RW, &ugidfw_firstmatch_enabled, 0,
     "Disable/enable match first rule functionality");

 static int


At this point you've got to wonder if keeping the old behavior would be better
though.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.