Hi all,

I'm trying to debug a (less important) case of SSHd segfaulting when the user is running in permissive mode but has a wrongly labeled system, resulting in the sshd binary running in the kernel_t context. It looks like this causes a double-free (or something similar) [1] in the code and I'm trying to figure out how to best deal with this.

[1] https://bugs.gentoo.org/show_bug.cgi?id=377203

From the looks of it, I think it boils down to get_default_context which returns -1 (as expected) but either leaves the security_context_t as-is or makes it NULL.

    int get_default_context(const char *user,
                            security_context_t fromcon, security_context_t * newcon)
    {
        security_context_t *conary;
        int rc;

        rc = get_ordered_context_list(user, fromcon, &conary);
        if (rc <= 0)
            return -1;

        *newcon = strdup(conary[0]);
        freeconary(conary);
        if (!(*newcon))
            return -1;
        return 0;
    }

Am I correct to state that, if the newcon variable was not set to a valid security_context_t before, then I can just set newcon to NULL? Like in OpenSSH's ssh_selinux_getctxbyname:

    static security_context_t
    ssh_selinux_getctxbyname(char *pwname)
    {
        security_context_t sc;
        ...
        r = get_default_context(pwname, NULL, &sc);
        return(sc);
    }

I think the above might be updated with:

    if (r != -1)
        return(sc);
    else
        return(NULL);

Otherwise a later call tries to freecon(sc) which then fails (in case of OpenSSH, that's in ssh_selinux_setup_exec_context()).

Am I making sense here?

Wkr,
  Sven Vermeulen

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.