cvs commit: src/sys/security/mac_mls mac_mls.c

Robert Watson rwatson at
Sat Mar 1 14:52:07 UTC 2008

rwatson     2008-03-01 14:52:06 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6)
    sys/security/mac_mls mac_mls.c 
  Merge mac_mls.c:1.99 from HEAD to RELENG_6:
    Properly return the error from mls_subject_privileged() in the ifnet
    relabel check for MLS rather than returning 0 directly.
    This problem didn't result in a vulnerability currently as the central
    implementation of ifnet relabeling also checks for UNIX privilege, and
    we currently don't guarantee containment for the root user in mac_mls,
    but we should be using the MLS definition of privilege as well as the
    UNIX definition in anticipation of supporting root containment at some
    Submitted by:   Zhouyi Zhou <zhouzhouyi at gmail dot com>
    Sponsored by:   Google SoC 2007
  Revision  Changes    Path  +1 -3      src/sys/security/mac_mls/mac_mls.c

More information about the cvs-src mailing list