From owner-cvs-src@FreeBSD.ORG Sun Jun 22 18:26:35 2003
Message-Id: <200306230126.h5N1QY5F052871@repoman.freebsd.org>
From: Robert Watson
Date: Sun, 22 Jun 2003 18:26:34 -0700 (PDT)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/sys mac_policy.h src/sys/kern kern_mac.c src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_partition ...

rwatson     2003/06/22 18:26:34 PDT

  FreeBSD src repository

  Modified files:
    sys/sys                      mac_policy.h
    sys/kern                     kern_mac.c
    sys/security/mac_biba        mac_biba.c
    sys/security/mac_lomac       mac_lomac.c
    sys/security/mac_mls         mac_mls.c
    sys/security/mac_none        mac_none.c
    sys/security/mac_partition   mac_partition.c
    sys/security/mac_test        mac_test.c
  Log:
  Redesign the externalization APIs from the MAC Framework to
  the MAC policy modules to improve robustness against C string
  bugs and vulnerabilities.  Following these revisions, all
  string construction of labels for export to userspace (or
  elsewhere) is performed using the sbuf API, which prevents
  the consumer from having to perform laborious and intricate
  pointer and buffer checks.  This substantially simplifies
  the externalization logic, both at the MAC Framework level,
  and in individual policies; this becomes especially useful
  when policies export more complex label data, such as with
  compartments in Biba and MLS.

  Bundled in here are some other minor fixes associated with
  externalization: including avoiding malloc while holding the
  process mutex in mac_lomac, and hence avoid a failure mode
  when printing labels during a downgrade operation due to
  the removal of the M_NOWAIT case.

  This has been running in the MAC development tree for about
  three weeks without problems.

  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories

  Revision  Changes     Path
  1.93      +20 -40     src/sys/kern/kern_mac.c
  1.62      +14 -26     src/sys/security/mac_biba/mac_biba.c
  1.15      +66 -105    src/sys/security/mac_lomac/mac_lomac.c
  1.50      +14 -26     src/sys/security/mac_mls/mac_mls.c
  1.29      +1 -1       src/sys/security/mac_none/mac_none.c
  1.7       +7 -3       src/sys/security/mac_partition/mac_partition.c
  1.28      +1 -1       src/sys/security/mac_test/mac_test.c
  1.41      +7 -12      src/sys/sys/mac_policy.h
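
The following is an added example, not code from this commit or from FreeBSD: it shows why building a label string through a bounded string buffer removes the per-append pointer and length arithmetic the log describes. `lbuf_*` is a userspace stand-in modelled on a fixed-length sbuf (it is not the sbuf(9) API), and `demo_label` and its `grade(c1+c2)` text format are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a fixed-length sbuf (assumption, not sbuf(9)): appends never
 * write past the buffer; an overflow is latched and reported once at the end. */
struct lbuf { char *buf; size_t size, len; int overflow; };

static void lbuf_init(struct lbuf *lb, char *buf, size_t size) {
    lb->buf = buf; lb->size = size; lb->len = 0; lb->overflow = (size == 0);
    if (size > 0) buf[0] = '\0';
}

static void lbuf_printf(struct lbuf *lb, const char *fmt, ...) {
    va_list ap; int n;
    if (lb->overflow) return;              /* sticky: later appends are no-ops */
    va_start(ap, fmt);
    n = vsnprintf(lb->buf + lb->len, lb->size - lb->len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= lb->size - lb->len) lb->overflow = 1;
    else lb->len += (size_t)n;
}

/* Hypothetical label: a grade plus a bitmask of compartments 1..32. */
struct demo_label { int grade; unsigned compartments; };

/* Policy-side externalization: no bounds checks here, one result at the end. */
int demo_externalize(const struct demo_label *l, char *out, size_t outlen) {
    struct lbuf lb; int first = 1;
    lbuf_init(&lb, out, outlen);
    lbuf_printf(&lb, "%d", l->grade);
    if (l->compartments != 0) {
        lbuf_printf(&lb, "(");
        for (unsigned bit = 0; bit < 32; bit++) {
            if (!(l->compartments & (1u << bit))) continue;
            lbuf_printf(&lb, "%s%u", first ? "" : "+", bit + 1);
            first = 0;
        }
        lbuf_printf(&lb, ")");
    }
    return lb.overflow ? -1 : 0;           /* -1: label did not fit */
}

int main(void) {
    struct demo_label l = {2, 0x5};        /* constructed sample label */
    char big[32], small[4];
    printf("%d %s\n", demo_externalize(&l, big, sizeof big), big);
    printf("%d\n", demo_externalize(&l, small, sizeof small));
    return 0;
}
```

The variable-length compartment list is the case where hand-rolled length tracking tends to go wrong; here the caller only has to check one return value.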