Date:      Sat, 8 Jun 2002 15:11:34 -0700 (PDT)
From:      Adam Migus <amigus@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 12579 for review
Message-ID:  <200206082211.g58MBYd70857@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=12579

Change 12579 by amigus@amigus_vmganyopa on 2002/06/08 15:11:31

	Temporary fix to allow suid programs to work.

Affected files ...

... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#48 edit
... //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#35 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#48 (text+ko) ====

@@ -1158,6 +1158,14 @@
 		return (EINVAL);
 
 	/*
+	 * XXX: Allow processes with root privilege to set labels outside
+	 * their range, so suid things like "su" work.  This WILL go away
+	 * when we figure out the 'correct' solution...
+	 */
+	if (!suser_cred(cred, 0))
+		return (0);
+
+	/*
 	 * The new single must be in the old range.
 	 */
 	if (!mac_biba_single_in_range(new, subj))
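
Review bot: the added `if (!suser_cred(cred, 0)) return (0);` returns success ahead of the "new single must be in the old range" test, so for any superuser credential `mac_biba_single_in_range(new, subj)` and every check that follows it in this function are never reached. That makes the Biba range advisory for root in general, not only for the suid case the XXX comment names. If the workaround has to stay for now, consider skipping only the range test instead of returning from the function, and gating the exception behind a switch so it can be turned off while the 'correct' solution is worked out.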

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#35 (text+ko) ====

@@ -1151,6 +1151,14 @@
 		return (EINVAL);
 
 	/*
+	 * XXX: Allow processes with root privilege to set labels outside
+	 * their range, so suid things like "su" work.  This WILL go away
+	 * when we figure out the 'correct' solution...
+	 */
+	if (!suser_cred(cred, 0))
+		return (0);
+
+	/*
 	 * The new single must be in the old range.
 	 */
 	if (!mac_mls_single_in_range(new, subj))
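
Review bot: this block, XXX comment included, is a verbatim copy of the one added to mac_biba.c, placed ahead of `mac_mls_single_in_range(new, subj)`; with two copies it is easy to remove one and miss the other when the workaround "WILL go away". A common helper for the privilege exception, or at least a shared greppable marker in both comments, would make removal a single change. The comment should also state that the exception does not limit the direction of the label change: as written, a root credential gets `return (0)` for any new label that passed the earlier validity check.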
