From: <ssm...@us...> - 2007-01-11 17:28:04

Revision: 2168
          http://svn.sourceforge.net/selinux/?rev=2168&view=rev
Author:   ssmalley
Date:     2007-01-11 09:28:00 -0800 (Thu, 11 Jan 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: newrole patch
Date: Tue, 09 Jan 2007 10:10:28 -0500
Update newrole to call selinux_check_securetty_context()
for -l and refuse to change levels if the tty is not "secure".
[sds:  Update for new return value convention of the function.]
Acked-by:  Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/newrole/newrole.c
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-01-11 17:19:04 UTC (rev 2167)
+++ trunk/policycoreutils/ChangeLog	2007-01-11 17:28:00 UTC (rev 2168)
@@ -1,3 +1,5 @@
+	* Merged newrole securetty check from Dan Walsh.
+
 1.33.11 2007-01-09
 	* Merged fixfiles and seobject fixes from Dan Walsh.
 	* Merged semodule support for list of modules after -i from Karl MacMillan. 
Modified: trunk/policycoreutils/newrole/newrole.c
===================================================================
--- trunk/policycoreutils/newrole/newrole.c	2007-01-11 17:19:04 UTC (rev 2167)
+++ trunk/policycoreutils/newrole/newrole.c	2007-01-11 17:28:00 UTC (rev 2168)
@@ -741,6 +741,7 @@
 	char *level_s = NULL;	/* level spec'd by user in argv[] */
 	char *range_ptr = NULL;
 	security_context_t new_con = NULL;
+	security_context_t tty_con = NULL;
 	context_t context = NULL; /* manipulatable form of new_context */
 	const struct option long_options[] = {
 		{"role", 1, 0, 'r'},
@@ -793,6 +794,15 @@
 					"specified\n"));
 				return -1;
 			}
+			if (fgetfilecon(0,&tty_con) >= 0) {
+				if (selinux_check_securetty_context(tty_con) < 0) {
+					fprintf(stderr, _("Error: you are not allowed to change levels on a non secure terminal\n"));
+					freecon(tty_con);
+					return -1;
+				}
+				freecon(tty_con);
+			}
+
 			level_s = optarg;
 			break;
 		default:
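Review bot: the new securetty check in this hunk fails open. The guard `if (fgetfilecon(0,&tty_con) >= 0)` means that whenever the context of fd 0 cannot be read (stdin closed, redirected to something without a label, or an fgetfilecon error), the selinux_check_securetty_context() test is skipped entirely and the -l level change proceeds, which is the opposite of what a "refuse unless secure" check should do. Suggest folding the failure into the refusal, e.g. `if (fgetfilecon(0, &tty_con) < 0 || selinux_check_securetty_context(tty_con) < 0)` with the error message and `return -1` in that branch (calling freecon only when a context was actually obtained), or at least emitting a diagnostic on the fgetfilecon failure so an unexpected skip is visible. Two smaller points: fd 0 is assumed to be the terminal, so a caller with stdin redirected is checked against that file's label rather than the controlling tty; and the message should read "non-secure terminal" (hyphenated), with the fprintf line wrapped to match the surrounding code style.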