FreeBSD Bugzilla – Attachment 133258 Details for
Bug 177698
[libutil] sshd sets the user's MAC label at the same time it attempts to set the login class, which can cause the latter to fail if mac_biba is used.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
session.c.diff (text/plain), 947 bytes, created by
Kevin Barry
on 2013-04-07 22:50:01 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Kevin Barry
Created:
2013-04-07 22:50:01 UTC
Size:
947 bytes
patch
obsolete
>--- /usr/src/crypto/openssh/session.c.orig 2012-12-03 22:41:51.000000000 -0500 >+++ /usr/src/crypto/openssh/session.c 2013-04-07 17:01:32.000000000 -0400 >@@ -1491,11 +1491,24 @@ > > if (platform_privileged_uidswap()) { > #ifdef HAVE_LOGIN_CAP >+#ifdef LOGIN_SETMAC >+ /* Set the MAC label second so it doesn't interfere with setting the login class. */ >+ if (setusercontext(lc, pw, pw->pw_uid, >+ (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER|LOGIN_SETMAC))) < 0) { >+ perror("unable to set user context"); >+ exit(1); >+ } >+ if (setusercontext(lc, pw, pw->pw_uid,LOGIN_SETMAC) < 0) { >+ perror("unable to set user context"); >+ exit(1); >+ } >+#else > if (setusercontext(lc, pw, pw->pw_uid, > (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { > perror("unable to set user context"); > exit(1); > } >+#endif > #else > if (setlogin(pw->pw_name) < 0) > error("setlogin failed: %s", strerror(errno));
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=133258">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 177698
:
133258
|
133259
|
133260
|
221063