diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-10-24 16:19:52 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-10-24 16:19:52 +0000 |
| commit | 71edd02c559d6c9bf0437f8c01c73628ead40d01 (patch) | |
| tree | 54c3e105592c97b03651cbf39448c441a9efc727 /libexec | |
| parent | 25c64c35f4824041175cb78531f2b8319a8e2b76 (diff) | |
| download | FreeBSD-src-71edd02c559d6c9bf0437f8c01c73628ead40d01.zip FreeBSD-src-71edd02c559d6c9bf0437f8c01c73628ead40d01.tar.gz | |
Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so that
MAC labels are set if MAC is enabled and configured for the user
logging in.
Note that lukemftpd is not considered a supported application when
MAC is enabled, as it does not use the standard system interfaces for
managing user contexts; if lukemftpd is used with labeled MAC policies,
it will not properly give up privileges when switching to the user
account.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'libexec')
| -rw-r--r-- | libexec/ftpd/ftpd.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index 180f0c1..05d4188 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -1145,7 +1145,8 @@ end_login(void) pw = NULL; #ifdef LOGIN_CAP setusercontext(NULL, getpwuid(0), (uid_t)0, - LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK); + LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK| + LOGIN_SETMAC); #endif #ifdef USE_PAM if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS) @@ -1408,7 +1409,7 @@ skip: } setusercontext(lc, pw, (uid_t)0, LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY| - LOGIN_SETRESOURCES|LOGIN_SETUMASK); + LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC); #else setlogin(pw->pw_name); (void) initgroups(pw->pw_name, pw->pw_gid); |
