From 5ac3b0350008b34b3b9ce93045f6d7dbc7dc94a0 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Mon, 28 Jan 2008 10:20:18 +0000
Subject: [PATCH] Properly return the error from mls_subject_privileged() in the ifnet relabel check for MLS rather than returning 0 directly. This problem didn't result in a vulnerability currently as the central implementation of ifnet relabeling also checks for UNIX privilege, and we currently don't guarantee containment for the root user in mac_mls, but we should be using the MLS definition of privilege as well as the UNIX definition in anticipation of supporting root containment at some point. MFC after: 3 days Submitted by: Zhouyi Zhou Sponsored by: Google SoC 2007
---
 sys/security/mac_mls/mac_mls.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index eb3ab0e20a48..acf94235e07e 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -964,9 +964,7 @@ mls_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
 /*
 * Relabeling network interfaces requires MLS privilege.
 */
- error = mls_subject_privileged(subj);
-
- return (0);
+ return (mls_subject_privileged(subj));
 }
 
 static int
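Review bot: The comment above the new `return (mls_subject_privileged(subj));` does not record why the MLS verdict must be propagated. Per the commit message, the old `return (0);` was harmless only because the central implementation of ifnet relabeling also checks UNIX privilege. I would extend the comment to something like `Relabeling network interfaces requires MLS privilege; return the MLS result here rather than relying on the UNIX privilege check in the central relabel path.` so that a later cleanup does not reintroduce an unconditional success. The function body starts outside the hunk, so it is not visible whether the local `error` is still assigned elsewhere; if this was its only use, the declaration should be dropped as well to avoid an unused-variable warning.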