On Mon, 1 Mar 2010, Estella Mystagic wrote:

Found issues with sysctl MIBs security.mac.biba.ptys_equal, security.mac.lomac.ptys_equal, security.mac.mls.ptys_equal, not supporting the new /dev/pts terminal system in FreeBSD 8; proposed fix for issue.

When using a higher security grade/clearance with mac_mls, it prevents writing to /dev/pts/5 as it's set as mls/low, and subjects may not write to objects with a lower classification level than their own clearance level.

Feb 25 21:42:16 labyrinth sshd[30965]: error: /dev/pts/5: Permission denied

Feb 25 21:42:16 labyrinth sshd[30965]: error: open /dev/tty failed - could not set controlling tty: Permission denied

Hi Selphie:

Thanks for this patch.  I'll go ahead and merge it, but had two questions:

(1) It looks like you didn't need to set any special label on /dev/ptmx
    itself?

(2) Could you let me know how your login.conf + user labels are configured,
    and show me the output of "ps -axZ | grep sshd"?

We need to rethink how we deal with ttys anyway, and I'd like to understand how the specific case you're running into comes about.

Robert N M Watson
Computer Laboratory
University of Cambridge
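
The denial reported in this thread can be reproduced with a small model of the MLS rules (no read up, no write down, `equal` exempt). This is an added example, not code from the thread or from the FreeBSD kernel; the function names and the `mls/high` subject label are assumptions, and label ranges such as `mls/low(low-high)` are not handled.

```python
# Simplified model of mac_mls(4) effective labels. Added illustration only.

def parse_label(text):
    """Parse 'mls/low', 'mls/high', 'mls/equal' or 'mls/<grade>[:c1+c2...]'."""
    policy, _, value = text.partition("/")
    if policy != "mls" or not value:
        raise ValueError(f"not an mls label: {text!r}")
    if value in ("low", "high", "equal"):
        return (value, 0, frozenset())
    grade, _, comps = value.partition(":")
    compartments = frozenset(int(c) for c in comps.split("+")) if comps else frozenset()
    return ("grade", int(grade), compartments)

def dominates(a, b):
    """True if label a dominates label b; 'equal' is exempt from the policy."""
    if "equal" in (a[0], b[0]):
        return True
    if a[0] == "high" or b[0] == "low":
        return True
    if a[0] == "low" or b[0] == "high":
        return False
    # Numeric grades: higher-or-equal grade and a superset of compartments.
    return a[1] >= b[1] and a[2] >= b[2]

def can_read(subject, obj):
    # No read up: the subject must dominate the object.
    return dominates(parse_label(subject), parse_label(obj))

def can_write(subject, obj):
    # No write down: the object must dominate the subject.
    return dominates(parse_label(obj), parse_label(subject))

def denied_tty_ops(subject, pty):
    """A controlling tty is opened read/write; list the operations MLS denies."""
    checks = (("read", can_read), ("write", can_write))
    return [name for name, check in checks if not check(subject, pty)]

if __name__ == "__main__":
    session = "mls/high"  # constructed: a login at a higher clearance
    # /dev/pts/N labelled mls/low, as in the report: the write is refused.
    print("pty mls/low  ->", denied_tty_ops(session, "mls/low"))
    # Label that a working ptys_equal=1 would give the pty: nothing is refused.
    print("pty mls/equal ->", denied_tty_ops(session, "mls/equal"))
```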

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
