Date:      Wed, 23 Oct 2002 12:48:20 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 19988 for review
Message-ID:  <200210231948.g9NJmKKn025484@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=19988

Change 19988 by rwatson@rwatson_tislabs on 2002/10/23 12:47:58

	Possible workaround for a getsysctlbyname() problem: sysctl
	makes use of a special 0. namespace to handle MIB name
	lookup and related evil.  For now, exempt that namespace
	from integrity checks.  This probably bears revisiting.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#154 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#154 (text+ko) ====

@@ -1864,9 +1864,13 @@
 
 	/*
 	 * Permit sysctl modification only if Biba-privileged; permit
-	 * read by any process.
+	 * read by any process.  Exempt certain management interfaces
+	 * that are used to query MIB state.  XXXMAC: This probably
+	 * requires some more review.
 	 */
 	if (new != NULL) {
+		if (namelen > 0 && name[0] == 0)
+			return (0);
 		if (!mac_biba_privileged(subj))
 			return (EPERM);
 	}
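
Review bot: The new exemption `if (namelen > 0 && name[0] == 0) return (0);` sits inside the `if (new != NULL)` branch and matches on the first OID component only, so any request under the 0 namespace that supplies a new value now returns success without reaching `mac_biba_privileged(subj)`. If only the MIB name-lookup path needs to pass a new value, narrow the match to that specific OID (check `namelen` and the second component as well) so the rest of the namespace still goes through the privilege check. The bare `0` would also read better as a named constant, and the XXXMAC comment should say which management interfaces are exempted and why, so the later review it asks for has something concrete to verify.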
