Bugzilla – Attachment 1687 Details for
Bug 1637
Change the context when starting internal-sftp
[patch]
Move code to port-linux.c, give variables meaningful names, correct strlcpy bounds check
openssh-internalsftp-selinux.patch (text/plain), 2.62 KB, created by
Darren Tucker
on 2009-08-31 18:55:36 AEST
Description:
Move code to port-linux.c, give variables meaningful names, correct strlcpy bounds check
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2009-08-31 18:55:36 AEST
Size:
2.62 KB
patch
obsolete
>Index: session.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh/session.c,v
>retrieving revision 1.384
>diff -u -p -r1.384 session.c
>--- session.c 20 Aug 2009 06:20:50 -0000 1.384
>+++ session.c 31 Aug 2009 07:54:43 -0000
>@@ -1796,6 +1796,9 @@ do_child(Session *s, const char *command
> argv[i] = NULL;
> optind = optreset = 1;
> __progname = argv[0];
>+#ifdef WITH_SELINUX
>+ ssh_selinux_change_context("sftpd_t");
>+#endif
> exit(sftp_server_main(i, argv, s->pw));
> }
>
>Index: openbsd-compat/port-linux.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh/openbsd-compat/port-linux.c,v
>retrieving revision 1.5
>diff -u -p -r1.5 port-linux.c
>--- openbsd-compat/port-linux.c 26 Mar 2008 20:27:21 -0000 1.5
>+++ openbsd-compat/port-linux.c 31 Aug 2009 08:48:26 -0000
>@@ -29,6 +29,7 @@
>
> #ifdef WITH_SELINUX
> #include "log.h"
>+#include "xmalloc.h"
> #include "port-linux.h"
>
> #include <selinux/selinux.h>
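Review bot: The call added to do_child in session.c cannot tell whether the domain transition happened, because ssh_selinux_change_context() returns void and only calls logit() when getcon(), the context parse or setcon() fails, so sftp_server_main() then runs in the caller's original context. If confining internal-sftp is meant as a security boundary, that failure should not pass silently on an enforcing system; one option is to use `fatal()` instead of `logit()` on setcon failure when `security_getenforce() > 0`. The type name "sftpd_t" is hard-coded, so the call presumably depends on the loaded policy defining that type and allowing the transition, which is worth a comment at the call site. do_child's body starts and continues outside the hunk.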
>@@ -168,4 +169,36 @@ ssh_selinux_setup_pty(char *pwname, cons
> freecon(user_ctx);
> debug3("%s: done", __func__);
> }
>+
>+void
>+ssh_selinux_change_context(const char *newname)
>+{
>+ int len, newlen;
>+ char *oldctx, *newctx, *cx;
>+
>+ if (!ssh_selinux_enabled())
>+ return;
>+
>+ if (getcon((security_context_t *)&oldctx) < 0) {
>+ logit("%s: getcon failed with %s", __func__, strerror (errno));
>+ return;
>+ }
>+ if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == NULL) {
>+ logit ("%s: unparseable context %s", __func__, oldctx);
>+ return;
>+ }
>+
>+ newlen = strlen(oldctx) + strlen(newname) + 1;
>+ newctx = xmalloc(newlen);
>+ len = cx - oldctx + 1;
>+ memcpy(newctx, oldctx, len);
>+ strlcpy(newctx + len, newname, newlen - len);
>+ if ((cx = index(cx + 1, ':')))
>+ strlcat(newctx, cx, newlen);
>+ debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, newctx);
>+ if (setcon(newctx) < 0)
>+ logit("%s: setcon failed with %s", __func__, strerror (errno));
>+ xfree(oldctx);
>+ xfree(newctx);
>+}
> #endif /* WITH_SELINUX */
>Index: openbsd-compat/port-linux.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh/openbsd-compat/port-linux.h,v
>retrieving revision 1.2
>diff -u -p -r1.2 port-linux.h
>--- openbsd-compat/port-linux.h 26 Mar 2008 20:27:21 -0000 1.2
>+++ openbsd-compat/port-linux.h 31 Aug 2009 07:55:14 -0000
>@@ -23,6 +23,7 @@
> int ssh_selinux_enabled(void);
> void ssh_selinux_setup_pty(char *, const char *);
> void ssh_selinux_setup_exec_context(char *);
>+void ssh_selinux_change_context(const char *);
> #endif
>
> #endif /* ! _PORT_LINUX_H */
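Review bot: In ssh_selinux_change_context() in port-linux.c, `oldctx` is allocated by `getcon()` but released with `xfree(oldctx)`, and the "unparseable context" branch returns without releasing it at all. The context line at the top of the same hunk already uses `freecon(user_ctx)` for a libselinux-allocated context, so the new function should match: add `freecon(oldctx);` before the `return;` in the unparseable branch and replace the final `xfree(oldctx);` with `freecon(oldctx);`. As a smaller point, `len` and `newlen` are `int` while they hold `strlen()` results and a pointer difference passed to `memcpy()`/`strlcpy()`; declaring them `size_t` would avoid the implicit signed/unsigned conversions.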
Attachments on
bug 1637
:
1681
|
1683
| 1687