On Tue, 2 Mar 2010, Selphie Keller wrote:
- (2) Could you let me know how your login.conf + user labels are
configured, and show me the output of ps -axZ | grep sshd?
/etc/login.conf label configurations I use
Staff users: label=mls/2(low-high)
Deamons: label=mls/equal(equal-equal)
Insecure
Robert,
I have security.mac.mls.revocation_enabled set to 0, sshd was running as
mls/equal(equal-equal) and my staff user was running as mls/2(low-high) and
sshd gave the error message:
Feb 25 21:46:14 labyrinth sshd[90850]: error: /dev/pts/5: Permission denied
Feb 25 21:46:14 labyrinth
On Mon, 1 Mar 2010, Estella Mystagic wrote:
Found issues with sysctl mibs security.mac.biba.ptys_equal,
security.mac.lomac.ptys_equal, security.mac.mls.ptys_equal, not supporting
new /dev/pts terminal system in FreeBSD 8, proposed fix for issue.
When using a higher security grade/clearance
Hi Robert,
- (1) It looks like you didn't need to set any special label on /dev/ptmx
- itself?
I didn't have any issues with /dev/ptmx being defaulted to mls/low, also
didn't have any problem with /dev/pts device path itself, just the
/dev/pts/* 0 - 99 if they where defaulted to mls/low
On Tue, 2 Mar 2010, Robert Watson wrote:
Thanks for this patch. I'll go ahead and merge it, but had two questions:
Committed as r204581, thanks!
Robert
___
freebsd-hackers@freebsd.org mailing list
Hi,
Found issues with sysctl mibs security.mac.biba.ptys_equal,
security.mac.lomac.ptys_equal, security.mac.mls.ptys_equal, not supporting
new /dev/pts terminal system in FreeBSD 8, proposed fix for issue.
When using a higher security grade/clearance with mac_mls it prevents
writing to the
6 matches
Mail list logo