Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so that

MAC labels are set if MAC is enabled and configured for the user logging in. Note that lukemftpd is not considered a supported application when MAC is enabled, as it does not use the standard system interfaces for managing user contexts; if lukemftpd is used with labeled MAC policies, it will not properly give up privileges when switching to the user account. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
2002-10-24 16:19:52 +00:00 · 2002-10-24 16:19:52 +00:00 · d9e2c4241f
commit d9e2c4241f
parent 93af0c0187
1 changed files with 3 additions and 2 deletions
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@ -1145,7 +1145,8 @@ end_login(void)
 	pw = NULL;
 #ifdef	LOGIN_CAP
 	setusercontext(NULL, getpwuid(0), (uid_t)0,
-		       LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
+		       LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|
+		       LOGIN_SETMAC);
 #endif
 #ifdef USE_PAM
 	if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
@ -1408,7 +1409,7 @@ skip:
 	}
 	setusercontext(lc, pw, (uid_t)0,
 		LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
-		LOGIN_SETRESOURCES|LOGIN_SETUMASK);
+		LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
 #else
 	setlogin(pw->pw_name);
 	(void) initgroups(pw->pw_name, pw->pw_gid);