[redhat-lspp] Re: [PATCH 2/3] Re: MLS enforcing PTYs, sshd, and newrole
Stephen Smalley
sds at tycho.nsa.gov
Fri Jan 5 18:43:06 UTC 2007
On Fri, 2007-01-05 at 11:24 -0500, Daniel J Walsh wrote:
> newrole patch. for checking securetty.
>
>
> diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po'
> --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c
> policycoreutils-1.33.8/newrole/newrole.c
> --- nsapolicycoreutils/newrole/newrole.c 2007-01-04
> 17:01:41.000000000 -0500
> +++ policycoreutils-1.33.8/newrole/newrole.c 2007-01-05
> 11:17:36.000000000 -0500
> @@ -793,6 +797,18 @@
> "specified\n"));
> return -1;
> }
> + for (i=0; i < 3; i++) {
> + securetty=0;
> + if (fgetfilecon(i,&tty_con) >= 0) {
> + securetty =
> (selinux_check_securetty_context(tty_con) == 1);
> + freecon(tty_con);
> + }
> + if (!securetty) {
> + fprintf(stderr, "Error: you are
> not allowed to change levels on a non secure terminal\n");
> + return -1;
> + }
> + }
> +
> level_s = optarg;
> break;
> default:
>
Aside from whitespace damage, do we need to check all three descriptors?
newrole only calls ttyname(0) and then re-opens that on all three
descriptors, so even if 1 and 2 point to something else, they would be
ignored (never relabeled, just closed). So I would think you would only
need to check descriptor 0.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list