From d9e2c4241f02a4e31aa116c6b5e8afac0e274e61 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Thu, 24 Oct 2002 16:19:52 +0000
Subject: [PATCH] Have ftpd specify the LOGIN_SETMAC flag to setlogincontext() so that MAC labels are set if MAC is enabled and configured for the user logging in. Note that lukemftpd is not considered a supported application when MAC is enabled, as it does not use the standard system interfaces for managing user contexts; if lukemftpd is used with labeled MAC policies, it will not properly give up privileges when switching to the user account. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
---
 libexec/ftpd/ftpd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 180f0c11d37..05d41889500 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1145,7 +1145,8 @@ end_login(void)
 pw = NULL;
 #ifdef LOGIN_CAP
 setusercontext(NULL, getpwuid(0), (uid_t)0,
- LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
+ LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK|
+ LOGIN_SETMAC);
 #endif
 #ifdef USE_PAM
 if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
@@ -1408,7 +1409,7 @@ skip:
 }
 setusercontext(lc, pw, (uid_t)0,
 LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
- LOGIN_SETRESOURCES|LOGIN_SETUMASK);
+ LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETMAC);
 #else
 setlogin(pw->pw_name);
 (void) initgroups(pw->pw_name, pw->pw_gid);
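Review bot: The result of `setusercontext()` is discarded at both call sites this patch touches, in end_login() and in the login path after the `skip:` label, so once LOGIN_SETMAC is in the flag set a failure to apply the MAC label is silent and the session carries on under whatever label the process already had. The login-path call should fail closed: wrap it as `if (setusercontext(lc, pw, (uid_t)0, ...) != 0)` with the same flag set, log the failure, and refuse the login through the function's existing failure path (not visible in this hunk). In end_login() the call also hands `getpwuid(0)` straight to `setusercontext()` without a NULL check; resolving the entry first and checking the return there as well would make a failed reset to root's context visible. Both enclosing functions start and end outside the hunks.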