[Bug 177698] [libutil] [patch] sshd sets the user's MAC label at the same time it attempts to set the login class, which can cause the latter to fail if mac_biba is used.
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Aug 21 23:08:43 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=177698
--- Comment #2 from ta0kira at gmail.com ---
(The following comment did not carry over when the bug report was migrated to
the new system.)
From: Kevin Barry <ta0kira at gmail.com> [submitter]
To: bug-followup at FreeBSD.org, ta0kira at gmail.com
Date: Fri, 12 Apr 2013 15:20:10 -0400
Here's a new patch for login_class.c. As far as I can tell there is no
reason to require that a passwd entry be specified in order to set the MAC
label; therefore, I removed that requirement. Additionally, the current
implementation silently fails to set the MAC label when the pwd argument is
NULL, and silent failure when it comes to security isn't a good thing.
While not directly related to the original problem, it's related to the
underlying issue, which is that the handling of MAC labels in
setusercontext has several bugs in need of fixing.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list