tech-security archive


Re: It's not cool to change security-related sysctl names



Le 18/01/13 00:50, Jean-Yves Migeon a écrit :
Left over on my side. I'll fix it and ask for a pullup, sorry.

Too late for testing today but FWIW: a patch is attached.

--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost
Index: extensions/secmodel_extensions.c
===================================================================
RCS file: /cvsroot/src/sys/secmodel/extensions/secmodel_extensions.c,v
retrieving revision 1.3
diff -u -p -r1.3 secmodel_extensions.c
--- extensions/secmodel_extensions.c    13 Mar 2012 18:41:01 -0000      1.3
+++ extensions/secmodel_extensions.c    18 Jan 2013 00:46:05 -0000
@@ -73,7 +73,7 @@ static int secmodel_extensions_network_c
 static void
 sysctl_security_extensions_setup(struct sysctllog **clog)
 {
-       const struct sysctlnode *rnode;
+       const struct sysctlnode *rnode, *rnode2;
 
        sysctl_createv(clog, 0, NULL, &rnode,
                       CTLFLAG_PERMANENT,
@@ -87,6 +87,23 @@ sysctl_security_extensions_setup(struct 
                       NULL, 0, NULL, 0,
                       CTL_CREATE, CTL_EOL);
 
+       /* Compatibility: security.models.bsd44 */
+       rnode2 = rnode;
+       sysctl_createv(clog, 0, &rnode2, &rnode2,
+                      CTLFLAG_PERMANENT,
+                      CTLTYPE_NODE, "bsd44", NULL,
+                      NULL, 0, NULL, 0,
+                      CTL_CREATE, CTL_EOL);
+
+        /* Compatibility: security.models.bsd44.curtain */
+       sysctl_createv(clog, 0, &rnode2, NULL,
+                      CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                      CTLTYPE_INT, "curtain",
+                      SYSCTL_DESCR("Curtain information about objects to "\
+                                   "users not owning them."),
+                      sysctl_extensions_curtain_handler, 0, &curtain, 0,
+                      CTL_CREATE, CTL_EOL);
+
        sysctl_createv(clog, 0, &rnode, &rnode,
                       CTLFLAG_PERMANENT,
                       CTLTYPE_NODE, "extensions", NULL,
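Review bot: The result of the `bsd44` node creation is ignored, so if that call fails the `curtain` leaf is still registered relative to whatever `rnode2` holds at that point, which may not be security.models.bsd44. I would capture it and guard only the leaf (the `extensions` node below must still be created): `error = sysctl_createv(clog, 0, &rnode2, &rnode2, ...);` followed by `if (error == 0)` in front of the `curtain` call, with an `int error;` local. The same `bsd44` node is also created by the matching hunk in secmodel_securelevel.c, so the second registration presumably relies on sysctl_createv accepting an already existing node; that is not visible here and is worth confirming for either initialisation order and for teardown of one secmodel while the other stays. The function body starts and continues outside this hunk.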
Index: securelevel/secmodel_securelevel.c
===================================================================
RCS file: /cvsroot/src/sys/secmodel/securelevel/secmodel_securelevel.c,v
retrieving revision 1.28
diff -u -p -r1.28 secmodel_securelevel.c
--- securelevel/secmodel_securelevel.c  27 Jun 2012 10:15:25 -0000      1.28
+++ securelevel/secmodel_securelevel.c  18 Jan 2013 00:46:05 -0000
@@ -95,7 +95,7 @@ secmodel_securelevel_sysctl(SYSCTLFN_ARG
 void
 sysctl_security_securelevel_setup(struct sysctllog **clog)
 {
-       const struct sysctlnode *rnode;
+       const struct sysctlnode *rnode, *rnode2;
 
        sysctl_createv(clog, 0, NULL, &rnode,
                       CTLFLAG_PERMANENT,
@@ -109,6 +109,22 @@ sysctl_security_securelevel_setup(struct
                       NULL, 0, NULL, 0,
                       CTL_CREATE, CTL_EOL);
 
+       /* Compatibility: security.models.bsd44 */
+       rnode2 = rnode;
+       sysctl_createv(clog, 0, &rnode2, &rnode2,
+                      CTLFLAG_PERMANENT,
+                      CTLTYPE_NODE, "bsd44", NULL,
+                      NULL, 0, NULL, 0,
+                      CTL_CREATE, CTL_EOL);
+
+        /* Compatibility: security.models.bsd44.securelevel */
+       sysctl_createv(clog, 0, &rnode2, NULL,
+                      CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                      CTLTYPE_INT, "securelevel",
+                      SYSCTL_DESCR("System security level"),
+                      secmodel_securelevel_sysctl, 0, NULL, 0,
+                      CTL_CREATE, CTL_EOL);
+
        sysctl_createv(clog, 0, &rnode, &rnode,
                       CTLFLAG_PERMANENT,
                       CTLTYPE_NODE, "securelevel", NULL,
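Review bot: The compatibility leaf `security.models.bsd44.securelevel` is a second read-write name for the security level, so every check the primary leaf applies to writes has to apply through the old name as well. Here it is registered with `secmodel_securelevel_sysctl`, `CTLFLAG_PERMANENT|CTLFLAG_READWRITE` and a NULL data pointer, but the primary registration lies outside this hunk, so the match cannot be confirmed from the visible lines. A comment above the call would keep the two from drifting apart, e.g. `/* Compat alias: keep handler, flags and data identical to security.models.securelevel.securelevel. */`; the same applies to the `curtain` alias in secmodel_extensions.c. As a style point, the second `/* Compatibility: ... */` comment in both files is indented one column further than the lines around it.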

