diff options
author | rwatson <rwatson@FreeBSD.org> | 2004-07-23 01:53:28 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2004-07-23 01:53:28 +0000 |
commit | 2c07de53fe80ba3845ca4f08bda41fb515f4f573 (patch) | |
tree | 19123edf5dcbc6ba985fa9d5a4d8ca598daf2194 /sys/security | |
parent | 05c0231248aeb113690e49124d3b096febc9dd65 (diff) | |
download | FreeBSD-src-2c07de53fe80ba3845ca4f08bda41fb515f4f573.zip FreeBSD-src-2c07de53fe80ba3845ca4f08bda41fb515f4f573.tar.gz |
Allow an effective uid of root to bypass mac_bsdextended rules; the MAC
Framework can restrict the root user, but this policy is not intended
to support that.
Stylish Swiss footwear provided for: trhodes
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index 1816a98..ab467f8 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -275,6 +275,9 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid, { int error, i; + if (suser_cred(cred, 0) == 0) + return (0); + for (i = 0; i < rule_slots; i++) { if (rules[i] == NULL) continue; |