d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow an effective uid of root to bypass mac_bsdextended rules; the MAC

Browse Source 
Framework can restrict the root user, but this policy is not intended
to support that.

Stylish Swiss footwear provided for:	trhodes
This commit is contained in:
rwatson 2004-07-23 01:53:28 +00:00
parent 05c0231248
commit 2c07de53fe
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/security/mac_bsdextended/mac_bsdextended.c
View File

@ -275,6 +275,9 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
{ {
int error, i; int error, i;
if (suser_cred(cred, 0) == 0)
return (0);
for (i = 0; i < rule_slots; i++) { for (i = 0; i < rule_slots; i++) {
if (rules[i] == NULL) if (rules[i] == NULL)
continue; continue;