Date:      Mon, 8 Apr 2002 14:24:10 -0700 (PDT)
From:      Adam Migus <amigus@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 9392 for review
Message-ID:  <200204082124.g38LOAA49098@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=9392

Change 9392 by amigus@amigus_ganymede on 2002/04/08 14:24:07

	Changed sysctl/tunable security.mac.biba.trusted_interface to
	security.mac.biba.trusted_interfaces.  It now takes a comma
	separated list of interfaces to consider trusted.

Affected files ...

... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#26 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#26 (text+ko) ====

@@ -83,12 +83,12 @@
 TUNABLE_INT("security.mac.biba.trust_all_interfaces",
     &mac_biba_trust_all_interfaces);
 
-static char     mac_biba_trusted_interface[128] = "";
-SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interface, CTLFLAG_RD,
-    mac_biba_trusted_interface, sizeof(mac_biba_trusted_interface),
-    "'trusted' network interface at system boot");
-TUNABLE_STR("security.mac.biba.trusted_interface",
-    mac_biba_trusted_interface, sizeof(mac_biba_trusted_interface));
+static char     mac_biba_trusted_interfaces[128] = "";
+SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
+    mac_biba_trusted_interfaces, sizeof(mac_biba_trusted_interfaces),
+    "'trusted' network interfaces at system boot");
+TUNABLE_STR("security.mac.biba.trusted_interfaces",
+    mac_biba_trusted_interfaces, sizeof(mac_biba_trusted_interfaces));
 
 static int
 mac_biba_element_dominate(struct mac_biba_element *labela,
@@ -449,12 +449,46 @@
 static void
 mac_biba_create_ifnet(struct ifnet *ifnet)
 {
-	int interface_label_type, trusted_interface;
-	char ifr_name[IFNAMSIZ];
+	int interface_label_type, trusted_interface = 0;
+	char ifr_name[IFNAMSIZ], tifr_name[IFNAMSIZ];
+	char *p0 = NULL, *p1 = NULL, *end = NULL;
+	int len = 0;
 
 	snprintf(ifr_name, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit);
-	trusted_interface = !strncmp(mac_biba_trusted_interface, ifr_name,
-	    IFNAMSIZ);
+
+	p0 = mac_biba_trusted_interfaces;
+	end = p0 + strlen(mac_biba_trusted_interfaces);
+
+	do {
+		if ((p1 = index(p0, ',')) != NULL)
+			len = p1 - p0;
+		else
+			len = strlen(p0);
+
+		if (len > IFNAMSIZ) {
+			if (p1)
+				*p1 = '\0';
+			printf("%s: name exceeds maximum length\n", p0);
+			if (p1)
+				*p1 = ',';
+		} else if (len == 0)
+			break;
+
+		strncpy(tifr_name, p0, len);
+		if (!strncmp(tifr_name, ifr_name, len) &&
+		    len == strlen(ifr_name)) {
+			trusted_interface = 1;
+			break;
+		}
+
+		if (p1 == NULL)
+			break;
+
+		do {
+			p0 = ++p1;
+		} while (*p1 == ' ' || *p1 == '\t');
+	} while (p0 < end);
+
 	if (trusted_interface) {
 		printf("%s: initialized as trusted interface\n", ifr_name);
 		interface_label_type = MAC_BIBA_TYPE_HIGH;
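Review bot: In the list-parsing loop of mac_biba_create_ifnet, an entry longer than IFNAMSIZ is reported by the printf but not skipped, so execution falls through to `strncpy(tifr_name, p0, len)` and writes past the IFNAMSIZ-byte stack buffer `tifr_name`. The copy is not needed: comparing in place with `if (len == strlen(ifr_name) && !strncmp(p0, ifr_name, len)) {` lets `tifr_name` and the strncpy be dropped, and an over-long entry can then never match because ifr_name is built by snprintf into IFNAMSIZ bytes. An empty entry (`len == 0`, for example a doubled comma) also ends parsing through `break`, so names after it are silently left untrusted; a comment such as `/* empty entry terminates the list */` would make that intentional behaviour visible. The function body continues past the end of this hunk.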
