mac_mls mac_biba mac_lomac patches to fix ptys_equal mib support
for new /dev/pts in FreeBSD 8
Estella Mystagic
estella at mystagic.com
Tue Mar 2 02:00:21 UTC 2010
Hi,
Found issues with the sysctl MIBs security.mac.biba.ptys_equal,
security.mac.lomac.ptys_equal and security.mac.mls.ptys_equal, which do not
support the new /dev/pts terminal system in FreeBSD 8; a proposed fix for the issue is below.
When using a higher security grade/clearance with mac_mls, it prevents
writing to /dev/pts/5, as that is set as mls/low and subjects may not write
to objects with a lower classification level than their own clearance level.
Feb 25 21:42:16 labyrinth sshd[30965]: error: /dev/pts/5: Permission denied
Feb 25 21:42:16 labyrinth sshd[30965]: error: open /dev/tty failed - could not set controlling tty: Permission denied
-Selphie
Patches:
diff -urNp /usr/src/sys/security-orig/mac_biba/mac_biba.c
/usr/src/sys/security/mac_biba/mac_biba.c
--- /usr/src/sys/security-orig/mac_biba/mac_biba.c 2010-03-01
17:11:30.000000000 -0800
+++ /usr/src/sys/security/mac_biba/mac_biba.c 2010-03-01
17:16:44.000000000 -0800
@@ -955,6 +955,7 @@ biba_devfs_create_device(struct ucred *c
biba_type = MAC_BIBA_TYPE_EQUAL;
else if (ptys_equal &&
(strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
+ strncmp(dev->si_name, "pts/", strlen("pts/")) == 0 ||
strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
biba_type = MAC_BIBA_TYPE_EQUAL;
else
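Review bot: the hunk changes only the device-name match, so the texts that describe this knob need a matching update: the description string for the security.mac.biba.ptys_equal sysctl and the mac_biba(4) man page should be checked and, where they mention only the old ttyp/ptyp devices, extended to say that /dev/pts nodes are covered as well; the commit message should state the same. Note also that the mail client has stripped the leading whitespace from the context and `+` lines (e.g. `biba_type = MAC_BIBA_TYPE_EQUAL;` appears unindented), so this inline copy will not apply cleanly with patch(1); reviewers should apply the attached fbsd80-mac-devpts-fix.patch instead.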
diff -urNp /usr/src/sys/security-orig/mac_lomac/mac_lomac.c
/usr/src/sys/security/mac_lomac/mac_lomac.c
--- /usr/src/sys/security-orig/mac_lomac/mac_lomac.c 2010-03-01
17:11:30.000000000 -0800
+++ /usr/src/sys/security/mac_lomac/mac_lomac.c 2010-03-01
17:16:23.000000000 -0800
@@ -1043,6 +1043,7 @@ lomac_devfs_create_device(struct ucred *
lomac_type = MAC_LOMAC_TYPE_EQUAL;
else if (ptys_equal &&
(strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
+ strncmp(dev->si_name, "pts/", strlen("pts/")) == 0 ||
strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
lomac_type = MAC_LOMAC_TYPE_EQUAL;
else
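Review bot: this is the same three-name list (`"ttyp"`, `"pts/"`, `"ptyp"`) now copied verbatim into a third policy module, each time as an inline `strncmp` chain. Since all three policies ask the identical question ("is this devfs node a pty?"), a small shared helper in the MAC framework, or at least a shared macro, would keep the lists from drifting apart the next time the pty device naming changes; if that is out of scope for this fix, the commit message should at least note that the three hunks are intended to stay identical.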
diff -urNp /usr/src/sys/security-orig/mac_mls/mac_mls.c
/usr/src/sys/security/mac_mls/mac_mls.c
--- /usr/src/sys/security-orig/mac_mls/mac_mls.c 2010-03-01
17:11:30.000000000 -0800
+++ /usr/src/sys/security/mac_mls/mac_mls.c 2010-03-01
17:15:42.000000000 -0800
@@ -918,6 +918,7 @@ mls_devfs_create_device(struct ucred *cr
mls_type = MAC_MLS_TYPE_HIGH;
else if (ptys_equal &&
(strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
+ strncmp(dev->si_name, "pts/", strlen("pts/")) == 0 ||
strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
mls_type = MAC_MLS_TYPE_EQUAL;
else
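Review bot: the fix is conditional on the sysctl being enabled, as the `else if (ptys_equal && ...)` guard shows: with security.mac.mls.ptys_equal left at its default, `pts/N` nodes still fall through to the final `else` branch and the permission-denied behaviour reported above remains, so the commit message should say that the knob must be set. Two further points worth a sentence each: the preceding branch assigns `MAC_MLS_TYPE_HIGH` while the new `"pts/"` case yields `MAC_MLS_TYPE_EQUAL`, which is the intended (deliberately permissive) label for a terminal any clearance may use, and the prefix match relies on `dev->si_name` carrying the path-style name `pts/N` for the new pty cloner rather than a bare node name, which reviewers should confirm against the devfs code.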
Attachment: fbsd80-mac-devpts-fix.patch (application/octet-stream, 1843 bytes)
http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20100302/104d8d79/fbsd80-mac-devpts-fix.obj
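The report above combines two mechanisms: how mac_mls labels a freshly created devfs node (the decision the patch edits) and the MLS write rule that then denies sshd's open of /dev/pts/5. The following user-space model, added here as an illustration and not the kernel code from the patch or from sys/security/mac_mls, puts both side by side so the before/after effect can be run. The enum, the `ptys_equal` variable, the `have_pts_fix` switch and all function names are simplified stand-ins for the real kernel structures; the device name "pts/5" and the HIGH-cleared subject are the constructed inputs from the report.

```c
/*
 * Added example (not kernel code): a user-space model of how mac_mls labels
 * a new devfs node and then applies the "no write down" rule to it.  The
 * label encoding, the flag and the function names are simplified stand-ins
 * for the structures in sys/security/mac_mls.
 */
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Simplified MLS label types; only the parts needed for the example. */
enum mls_type { MLS_LOW, MLS_EQUAL, MLS_HIGH };

/* Stand-in for the security.mac.mls.ptys_equal sysctl, here enabled. */
static int ptys_equal = 1;

/*
 * Mimics the device-labeling decision in mls_devfs_create_device(): a pty
 * gets the EQUAL label when ptys_equal is set; everything else in this model
 * defaults to LOW (the label the reporter observed on /dev/pts/5).
 * 'have_pts_fix' selects the behaviour before (0) or after (1) the patch.
 */
enum mls_type label_for_device(const char *si_name, int have_pts_fix)
{
    if (ptys_equal &&
        (strncmp(si_name, "ttyp", strlen("ttyp")) == 0 ||
         (have_pts_fix && strncmp(si_name, "pts/", strlen("pts/")) == 0) ||
         strncmp(si_name, "ptyp", strlen("ptyp")) == 0))
        return MLS_EQUAL;
    return MLS_LOW;
}

/*
 * Does label 'a' dominate label 'b'?  EQUAL dominates and is dominated by
 * everything; otherwise the plain HIGH >= LOW ordering applies.
 */
static int mls_dominate(enum mls_type a, enum mls_type b)
{
    if (a == MLS_EQUAL || b == MLS_EQUAL)
        return 1;
    return a >= b;
}

/*
 * MLS write rule ("no write down"): a subject may write an object only if
 * the object's label dominates the subject's clearance.
 */
int mls_write_allowed(enum mls_type subject, enum mls_type object)
{
    return mls_dominate(object, subject);
}

/* Reproduces the report: a HIGH-cleared sshd opening /dev/pts/5 for writing. */
int sshd_can_open_pts(int have_pts_fix)
{
    enum mls_type obj = label_for_device("pts/5", have_pts_fix);
    return mls_write_allowed(MLS_HIGH, obj);
}

int main(void)
{
    printf("before patch: %s\n", sshd_can_open_pts(0) ? "allowed" : "Permission denied");
    printf("after patch:  %s\n", sshd_can_open_pts(1) ? "allowed" : "Permission denied");
    return 0;
}
```

Running the model shows the unpatched labeling giving /dev/pts/5 the LOW label, which a HIGH subject may not write, while the patched match assigns EQUAL and the open succeeds; flipping `ptys_equal` to 0 shows that even the patched decision falls back to LOW, which is why the sysctl must be enabled for the fix to take effect.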