Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so that
MAC labels are set if MAC is enabled and configured for the user logging in. Note that lukemftpd is not considered a supported application when MAC is enabled, as it does not use the standard system interfaces for managing user contexts; if lukemftpd is used with labeled MAC policies, it will not properly give up privileges when switching to the user account. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson
parent
93af0c0187
commit
d9e2c4241f
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=105877
@ -1145,7 +1145,8 @@ end_login(void)
|
||||
pw = NULL;
|
||||
#ifdef LOGIN_CAP
|
||||
setusercontext(NULL, getpwuid(0), (uid_t)0,
|
||||
LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
|
||||
LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|
|
||||
LOGIN_SETMAC);
|
||||
#endif
|
||||
#ifdef USE_PAM
|
||||
if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
|
||||
@ -1408,7 +1409,7 @@ pass(char *passwd)
|
||||
}
|
||||
setusercontext(lc, pw, (uid_t)0,
|
||||
LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
|
||||
LOGIN_SETRESOURCES|LOGIN_SETUMASK);
|
||||
LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
|
||||
#else
|
||||
setlogin(pw->pw_name);
|
||||
(void) initgroups(pw->pw_name, pw->pw_gid);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user