PERFORCE change 20710 for review
Robert Watson
rwatson at freebsd.org
Tue Nov 5 18:31:11 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=20710
Change 20710 by rwatson at rwatson_tislabs on 2002/11/05 10:30:43
Disallow changing Biba label elements via mac_exec(), since we
currently don't have the machinery in place for that in Biba.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#181 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#181 (text+ko) ====
@@ -2047,7 +2047,20 @@
struct label *label, struct image_params *imgp,
struct label *execlabel)
{
- struct mac_biba *subj, *obj;
+ struct mac_biba *subj, *obj, *exec;
+ int error;
+
+ if (execlabel != NULL) {
+ /*
+ * We currently don't permit labels to be changed at
+ * exec-time as part of Biba, so disallow non-NULL
+ * Biba label elements in the execlabel.
+ */
+ exec = SLOT(execlabel);
+ error = biba_atmostflags(exec, 0);
+ if (error)
+ return (error);
+ }
if (!mac_biba_enabled)
return (0);
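Review bot: the new execlabel check sits above the `if (!mac_biba_enabled)` test, so a non-NULL execlabel carrying Biba elements is rejected with the error from `biba_atmostflags(exec, 0)` even when the policy is disabled. If validating the label independently of enforcement is intended, the comment should say so; otherwise the block belongs below the `return (0);` of the enabled check. A blank line after the closing brace of the new block would also keep it visually separate from the enabled test.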