PERFORCE change 19988 for review
Robert Watson
rwatson at freebsd.org
Wed Oct 23 19:48:20 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=19988
Change 19988 by rwatson at rwatson_tislabs on 2002/10/23 12:47:58
Possible workaround for a getsysctlbyname() problem: sysctl
makes use of a special 0. namespace to handle MIB name
lookup and related evil. For now, exempt that namespace
from integrity checks. This probably bears revisiting.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#154 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#154 (text+ko) ====
@@ -1864,9 +1864,13 @@
/*
* Permit sysctl modification only if Biba-privileged; permit
- * read by any process.
+ * read by any process. Exempt certain management interfaces
+ * that are used to query MIB state. XXXMAC: This probably
+ * requires some more review.
*/
if (new != NULL) {
+ if (namelen > 0 && name[0] == 0)
+ return (0);
if (!mac_biba_privileged(subj))
return (EPERM);
}
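Review bot: The new early return inside the `if (new != NULL)` branch tests only `name[0] == 0`, so any write to any node under the 0. namespace now skips `mac_biba_privileged(subj)`, not just the MIB name lookup that getsysctlbyname() needs. Consider narrowing the match to the specific second-level entries used for lookup (check `name[1]` once `namelen > 1`) and leaving the rest of the namespace subject to the privilege check. The comment says "certain management interfaces" while the code exempts the whole namespace; the comment should state which interfaces are meant and why a query arrives on the write path. A named constant in place of the literal 0 would make the exemption easier to find when this is revisited.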