kern/178667: [patch] mac_lomac policy ignores aux label when reading/writing file extattr

Priit Järv priit at cc.ttu.ee
Wed May 15 18:00:00 UTC 2013


>Number:         178667
>Category:       kern
>Synopsis:       [patch] mac_lomac policy ignores aux label when reading/writing file extattr
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 15 18:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Priit Järv
>Release:        9.1-RELEASE
>Organization:
>Environment:
FreeBSD test 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Sat May 11 16:22:59 EEST 2013     root at test:/usr/obj/usr/src/sys/MACTEST  amd64

>Description:
In sys/security/mac_lomac/mac_lomac.c:

lomac_vnode_associate_extattr() and lomac_vnode_setlabel_extattr() only copy part of the LOMAC label, ignoring the value of the auxiliary grade.

Note that lomac_vnode_create_extattr(), the third function to access the file extended attributes, does already copy the auxiliary grade if it is present.

The problem was observed on 9.1-RELEASE and has been confirmed to be present in stable/9 as well. It is likely to be present in head (-CURRENT) too, as the relevant code has not been modified there.
>How-To-Repeat:
1. enable mac_lomac policy in kernel
2. create a multilabel filesystem (newfs -l -U /dev/somedev)
3. mount the filesystem and set lomac labels
   mount /dev/somedev /mnt
   mkdir /mnt/1
   setfmac lomac/high\[low\] /mnt/1 # aux grade
   touch /mnt/1/2 # inherits grade from directory
   touch /mnt/1/3
   setfmac lomac/high\[low\] /mnt/1/3 # set manually
4. use getextattr -x system mac_lomac /mnt/1 /mnt/1/2 /mnt/1/3
   (only the file that inherited the grade has aux grade in extattr)
5. note the labels: ls -lZa /mnt/1
6. umount /mnt; mount /dev/somedev /mnt
7. note that the aux grades are now missing: ls -lZa /mnt/1
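As an added illustration (not part of this PR or of the FreeBSD sources), the following C program models the three extattr paths named in the Description and walks through the How-To-Repeat steps in miniature: one file whose label was written at create time (the path that already copied the aux grade) and one labelled later with setfmac, followed by a simulated unmount/mount that rebuilds the in-memory label from the extended attribute. The struct, the flag values and the helper names are simplified stand-ins for the kernel's struct mac_lomac, lomac_copy_single() and lomac_copy_auxsingle() and are assumptions of this example; the `fixed` switch stands for the one-line flag check the patch adds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Simplified model of a LOMAC label (hypothetical; not the kernel's
 * struct mac_lomac). The flag values are assumptions for this example.
 */
#define LFLAG_SINGLE 0x1
#define LFLAG_AUX    0x4

enum grade { GRADE_LOW = 0, GRADE_HIGH = 1 };

struct label {
	uint32_t flags;
	uint16_t single;	/* primary grade, valid when LFLAG_SINGLE is set */
	uint16_t aux;		/* auxiliary grade, valid when LFLAG_AUX is set */
};

/* Stand-in for the on-disk system.mac_lomac extended attribute. */
struct extattr {
	unsigned char data[sizeof(struct label)];
	size_t len;
};

static void copy_single(const struct label *src, struct label *dst)
{
	dst->flags |= LFLAG_SINGLE;
	dst->single = src->single;
}

static void copy_auxsingle(const struct label *src, struct label *dst)
{
	dst->flags |= LFLAG_AUX;
	dst->aux = src->aux;
}

/* Serialise a label into the extattr; copies the aux grade only when asked to. */
static void write_extattr(const struct label *src, struct extattr *ea, int with_aux)
{
	struct label temp;

	memset(&temp, 0, sizeof(temp));
	copy_single(src, &temp);
	if (with_aux && (src->flags & LFLAG_AUX))
		copy_auxsingle(src, &temp);
	memcpy(ea->data, &temp, sizeof(temp));
	ea->len = sizeof(temp);
}

/* Rebuild the in-memory label from the extattr, as done on lookup after a (re)mount. */
static int read_extattr(const struct extattr *ea, struct label *dst, int with_aux)
{
	struct label temp;

	if (ea->len != sizeof(temp))
		return (-1);
	memcpy(&temp, ea->data, sizeof(temp));
	memset(dst, 0, sizeof(*dst));
	copy_single(&temp, dst);
	if (with_aux && (temp.flags & LFLAG_AUX))
		copy_auxsingle(&temp, dst);
	return (0);
}

/*
 * Model one file from the How-To-Repeat steps, labelled lomac/high[low].
 *   inherited: 1 = label written at create time (the create path, which
 *              already copied the aux grade), 0 = label set later by setfmac.
 *   fixed:     1 = behaviour with the patch applied, 0 = before the patch.
 * Returns bit 0 set if the extattr carries the aux grade (step 4) and
 * bit 1 set if the label still has the aux grade after the remount (step 7).
 */
static int simulate_file(int inherited, int fixed)
{
	struct label high_low = { LFLAG_SINGLE | LFLAG_AUX, GRADE_HIGH, GRADE_LOW };
	struct label on_disk, after_remount;
	struct extattr ea;
	int result = 0;

	/* The create path always copied the aux grade; setlabel only does once fixed. */
	write_extattr(&high_low, &ea, inherited || fixed);

	memcpy(&on_disk, ea.data, sizeof(on_disk));
	if (on_disk.flags & LFLAG_AUX)
		result |= 1;

	/* umount/mount: the label is reconstructed from the extattr. */
	if (read_extattr(&ea, &after_remount, fixed) == 0 &&
	    (after_remount.flags & LFLAG_AUX) && after_remount.aux == GRADE_LOW)
		result |= 2;

	return (result);
}

int main(void)
{
	printf("before patch: inherited=%d manual=%d\n", simulate_file(1, 0), simulate_file(0, 0));
	printf("after patch:  inherited=%d manual=%d\n", simulate_file(1, 1), simulate_file(0, 1));
	return (0);
}
```

Before the patch the inherited file yields 1 (aux grade on disk, but dropped when the label is rebuilt at remount) and the manually labelled file yields 0 (never written to disk), which is what steps 4 and 7 observe; with both copy paths fixed, both files yield 3.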
>Fix:
Apply the patch. Tested with GENERIC kernel on 9.1-RELEASE and stable/9.


Patch attached with submission follows:

--- sys/security/mac_lomac/mac_lomac.c.orig	2013-05-10 22:56:10.000000000 +0300
+++ sys/security/mac_lomac/mac_lomac.c	2013-05-11 21:30:47.000000000 +0300
@@ -2334,6 +2334,8 @@
 	}
 
 	lomac_copy_single(&ml_temp, dest);
+	if (ml_temp.ml_flags & MAC_LOMAC_FLAG_AUX)
+		lomac_copy_auxsingle(&ml_temp, dest);
 	return (0);
 }
 
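Review bot: the added copy in lomac_vnode_associate_extattr() takes the auxiliary element straight from ml_temp, which at this point holds the on-disk extended attribute, i.e. data the kernel did not just produce; the hunk does not show whether the validation of ml_temp that precedes it also covers the auxsingle element when MAC_LOMAC_FLAG_AUX is set. Please confirm that it does, or extend it, so that an inconsistent extattr cannot install an aux grade that lomac_copy_auxsingle() would otherwise accept unchecked. The flag test itself matches what the Description says lomac_vnode_create_extattr() already does.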
@@ -2908,6 +2910,9 @@
 		return (0);
 
 	lomac_copy_single(source, &temp);
+	if (source->ml_flags & MAC_LOMAC_FLAG_AUX)
+		lomac_copy_auxsingle(source, &temp);
+
 	error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
 	    MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
 	return (error);
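Review bot: the "copy single, then aux if MAC_LOMAC_FLAG_AUX" sequence now appears in both hunks and, per the Description, already in lomac_vnode_create_extattr(); consider factoring it into one small helper used by all three extattr paths so the omission cannot creep back into one of them. Also, the hunk does not show how temp is initialised before lomac_copy_single(source, &temp): since lomac_copy_auxsingle() is only called when the source carries the AUX flag, temp must start out zeroed so that no stale MAC_LOMAC_FLAG_AUX reaches vn_extattr_set() for labels without an aux grade. The blank line added after the new block is fine stylistically.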


>Release-Note:
>Audit-Trail:
>Unformatted:

