PERFORCE change 20089 for review

Brian Feldman green at freebsd.org
Thu Oct 24 22:43:00 GMT 2002 

http://perforce.freebsd.org/chv.cgi?CH=20089

Change 20089 by green at green_laptop_2 on 2002/10/24 15:42:47

	* For mac_lomac, assume "equal" labels for ttyv*.
	* When demoting, don't blindly set all parts of the label to
	  the single target.  Demote "rangehigh" and "single" the
	  object label's single, and "rangelow" to the single if it
	  would in fact be demoting it to do so (i.e. don't raise it).
	
	I can successfully use the range behavior to temporarily lower
	my integrity level to be able to observe objects that would
	otherwise demote me, and then raise it again.  Also, I can
	successfully modify my label in all the normal Biba-like ways
	and then be demoted each time I observe a non-dominant object,
	like a many-level ratchet instead of a... two-level ratchet :-)

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#18 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#18 (text+ko) ====

@@ -443,10 +443,20 @@
 			goto out;
 	}
 	bzero(&subj->mac_lomac, sizeof(subj->mac_lomac));
+	/*
+	 * Always demote the single label.
+	 */
 	mac_lomac_copy_single(objlabel, &subj->mac_lomac);
-	mac_lomac_set_range(&subj->mac_lomac,
-	    objlabel->ml_single.mle_type, objlabel->ml_single.mle_grade,
-	    objlabel->ml_single.mle_type, objlabel->ml_single.mle_grade);
+	/*
+	 * Start with the original range, then minimize each side of
+	 * the range to the point of not dominating the object.  The
+	 * high side will always be demoted, of course.
+	 */
+	mac_lomac_copy_range(subjlabel, &subj->mac_lomac);
+	if (!mac_lomac_dominate_element(&objlabel->ml_single,
+	    &subj->mac_lomac.ml_rangelow))
+		subj->mac_lomac.ml_rangelow = objlabel->ml_single;
+	subj->mac_lomac.ml_rangehigh = objlabel->ml_single;
 	subj->mac_lomac.ml_flags |= MAC_LOMAC_FLAG_UPDATE;
 	mtx_lock_spin(&sched_lock);
 	curthread->td_kse->ke_flags |= KEF_ASTPENDING;
@@ -773,7 +783,8 @@
 	if (strcmp(dev->si_name, "null") == 0 ||
 	    strcmp(dev->si_name, "zero") == 0 ||
 	    strcmp(dev->si_name, "random") == 0 ||
-	    strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
+	    strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 ||
+	    strncmp(dev->si_name, "ttyv", strlen("ttyv")) == 0)
 		lomac_type = MAC_LOMAC_TYPE_EQUAL;
 	else if (ptys_equal &&
 	    (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list