author | aj <none@none> | 2007-12-21 15:14:26 -0800 |
---|---|---|
committer | aj <none@none> | 2007-12-21 15:14:26 -0800 |
commit | 583b61f62d9b9c5ac6bbc290b4e91263dfb202b4 (patch) | |
tree | 0f1c9c4e1b1a0d36689db1ae5086c06a435e5129 | |
parent | 4c96bfe1fc9895dfdc5092d6a6246e4b9cba3ef2 (diff) | |
download | illumos-gate-583b61f62d9b9c5ac6bbc290b4e91263dfb202b4.tar.gz |
6569653 [tcde] cdrom auto allocated to somewhere ??
6635401 deallocate core dump in libbsm:audit_allocate_list() when /etc/security/device_maps file is too big
-rw-r--r-- | usr/src/cmd/tsol/labeld/svc-labeld | 46 | ||||
-rw-r--r-- | usr/src/lib/libbsm/common/audit_allocate.c | 10 |
2 files changed, 32 insertions, 24 deletions
diff --git a/usr/src/cmd/tsol/labeld/svc-labeld b/usr/src/cmd/tsol/labeld/svc-labeld index 6387bbdf1f..dad0e868ce 100644 --- a/usr/src/cmd/tsol/labeld/svc-labeld +++ b/usr/src/cmd/tsol/labeld/svc-labeld @@ -50,19 +50,31 @@ if smf_is_nonglobalzone; then exit $SMF_EXIT_ERR_CONFIG fi -do_logindev() +rewrite_logindev() { - # Comment out audio and usb device entries in /etc/logindevperm. + from="$1" + to="$2" + # Comment out audio, usb, removable-media, and hotpluggable device + # entries in /etc/logindevperm. LOGINDEVPERM=$ROOT_PATH/etc/logindevperm - if [ -f $LOGINDEVPERM ]; then - line="\/dev\/console 0600 \/dev\/sound\/\*" - sed -e "s/^$line/#$line/" $LOGINDEVPERM > /tmp/tmp.$$ - cp /tmp/tmp.$$ $LOGINDEVPERM - line="\/dev\/console 0600 \/dev\/usb\/\[0-9a-f\]+\[.\]\[0-9a-f\]+\/\[0-9\]+\/\*" - sed -e "s/^$line/#$line/" $LOGINDEVPERM > /tmp/tmp.$$ - cp /tmp/tmp.$$ $LOGINDEVPERM - rm -f /tmp/tmp.$$ + if [ ! -f $LOGINDEVPERM ]; then + return fi + for line in \ + "/dev/console 0600 /dev/sound/" \ + "/dev/console 0400 /dev/removable-media/" \ + "/dev/console 0400 /dev/hotpluggable/" \ + "/dev/console 0600 /dev/usb/\[0-9a-f\]" \ + ; do + sed -e "s!^$from$line!$to$line!" $LOGINDEVPERM > /tmp/tmp.$$ + cp /tmp/tmp.$$ $LOGINDEVPERM + done + rm -f /tmp/tmp.$$ +} + +do_logindev() +{ + rewrite_logindev "" "#" } do_otherservices() 
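Review bot: The new rewrite_logindev loop still stages its output in `/tmp/tmp.$$`, a predictable name in a world-writable directory, from a method script that presumably runs as root. A file or symlink already present at that path is followed by the `>` redirection, so the write can land somewhere other than intended. The `cp` also runs regardless of sed's exit status, so a failed or truncated sed (for example when /tmp is full) replaces /etc/logindevperm with an empty or partial file and drops the remaining device-permission entries. I would create the scratch file with mktemp(1), or next to the target under $ROOT_PATH/etc, and chain the steps: `sed -e "s!^$from$line!$to$line!" $LOGINDEVPERM > "$tmp" && cp "$tmp" $LOGINDEVPERM`. The `from`/`to` assignments also become script globals, and a one-line comment saying so would help the next reader.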
@@ -353,17 +365,9 @@ __TRUSTED_ENABLE /usr/sbin/svcadm disable svc:/system/tsol-zones:default 2>/dev/null /usr/sbin/svcadm disable svc:/network/tnd:default 2>/dev/null - # Uncomment audio and usb device entries in /etc/logindevperm. - LOGINDEVPERM=$ROOT_PATH/etc/logindevperm - if [ -f $LOGINDEVPERM ]; then - line="\/dev\/console 0600 \/dev\/sound\/\*" - sed -e "s/^#$line/$line/" $LOGINDEVPERM > /tmp/tmp.$$ - cp /tmp/tmp.$$ $LOGINDEVPERM - line="\/dev\/console 0600 \/dev\/usb\/\[0-9a-f\]+\[.\]\[0-9a-f\]+\/\[0-9\]+\/\*" - sed -e "s/^#$line/$line/" $LOGINDEVPERM > /tmp/tmp.$$ - cp /tmp/tmp.$$ $LOGINDEVPERM - rm -f /tmp/tmp.$$ - fi + # Uncomment audio, usb, removable-media, and hotpluggable device + # entries in /etc/logindevperm. + rewrite_logindev "#" "" # Remove sys_labeling from /etc/system grep -v "sys_labeling" ${ROOT_PATH}/etc/system > /tmp/etc.system.$$ diff --git a/usr/src/lib/libbsm/common/audit_allocate.c b/usr/src/lib/libbsm/common/audit_allocate.c index 116a7bbe93..3dfbf3ef65 100644 --- a/usr/src/lib/libbsm/common/audit_allocate.c +++ b/usr/src/lib/libbsm/common/audit_allocate.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -34,6 +34,7 @@ #include <string.h> #include <bsm/audit_uevents.h> #include <generic.h> +#include <stdlib.h> static int s_audit; /* successful audit event */ static int f_audit; /* failure audit event */ @@ -158,7 +159,7 @@ void audit_allocate_list(list) char *list; { - char buf[1024]; + char *buf; char *file; char *last; @@ -166,9 +167,12 @@ audit_allocate_list(list) return; } - (void) strcpy(buf, list); + if ((buf = strdup(list)) == NULL) + return; for (file = strtok_r(buf, " ", &last); file; file = strtok_r(NULL, " ", &last)) (void) au_write(ad, au_to_path(file)); + + free(buf); } |
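Review bot: `rewrite_logindev "#" ""` on the disable path uncomments every line that starts with `#` followed by one of the four patterns, whoever commented it out. An entry the administrator had disabled by hand before labeling was enabled is therefore re-activated on disable, and console users regain access to that device class. This commit widens that effect from audio and usb to removable-media and hotpluggable devices. A distinct marker on the enable side would limit the reversal to the lines this script changed, for example `rewrite_logindev "" "#labeld# "` paired with `rewrite_logindev "#labeld# " ""`. Failing that, the comment above the call should state the behaviour: `# NOTE: also re-enables matching entries that were commented out manually.`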
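Review bot: In audit_allocate_list, the new `if ((buf = strdup(list)) == NULL) return;` removes the fixed-buffer overflow, but on allocation failure it returns without writing any path token and without telling the caller or the log. For an audit library that means an allocate or deallocate record can be emitted without the device files it covers, with nothing to show the data is missing. Since the function is void, I would at least record the condition, for example with a comment `/* out of memory: path tokens are omitted from this record */` plus a syslog or text-token note. Relatedly, the result of `au_to_path(file)` is passed straight to `au_write()`; if it can return NULL under the same memory pressure, which looks likely but is not visible here, that case deserves a check too. The guard before the `strdup` call lies outside the hunk, so whether `list` itself is checked for NULL cannot be confirmed from this view.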