Re: Bug in libselinux/src/setrans_client.c

I've recompiled libselinux with the proposed patch and it looks like
it fixed the bug. Thanks!

2013/12/23 Stephen Smalley <stephen.smalley@xxxxxxxxx>:
> Calling *setfilecon() with a NULL context is a bug in the caller.  Not
> opposed to having it return an error, but what do you intend for the
> caller to do in that case?  It never should have called it with a NULL
> context in the first place.

The caller here is the cp program, from the coreutils project, in function
restorecon_private(path="setfiles.8.man", local=true), line 195 of
src/selinux.c [1]. The code runs like this (according to the gdb
backtrace I get):

      if (getfscreatecon (&tcon) < 0)  /* getfscreatecon sets tcon to NULL and returns 0 */
        return rc;
      rc = lsetfilecon (path, tcon);   /* call lsetfilecon("setfiles.8.man", NULL) */
      freecon (tcon);
      return rc;

If you think this code is doing something wrong, there may be a missing check to
test whether tcon is NULL before calling lsetfilecon. Anyway I don't
know what "cp" does if this call to restorecon_private fails, but it
seems to work fine on my system (at least it no longer segfaults).

Nicolas


[1] http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/selinux.c;h=680bc492e5ef2d1a7abd443df7141114b1bc0704;hb=HEAD#l195
[2] http://userspace.selinuxproject.org/trac/browser/libselinux/src/setrans_client.c?rev=aa62cd60f7192123b509c2518e7a2083e34a65a2#L321

---------------- gdb session with "cp" coredump ----------------
Core was generated by `cp -af setfiles.8 setfiles.8.man'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f31be0b39ba in strlen () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007f31be0b39ba in strlen () from /usr/lib/libc.so.6
#1  0x00007f31be801be8 in lsetfilecon_raw_internal
(path=path@entry=0x7fffaeb3cea9 "setfiles.8.man", context=0x0) at
lsetfilecon.c:12
#2  0x00007f31be801cab in lsetfilecon (path=path@entry=0x7fffaeb3cea9
"setfiles.8.man", context=<optimized out>) at lsetfilecon.c:38
#3  0x0000000000409a55 in restorecon_private (path=0x7fffaeb3cea9
"setfiles.8.man", local=local@entry=true) at src/selinux.c:195
#4  0x0000000000409f68 in restorecon (path=0x7fffaeb3cea9
"setfiles.8.man", recurse=<optimized out>, local=<optimized out>) at
src/selinux.c:301
#5  0x0000000000405c0b in set_file_security_ctx
(dst_name=0x7fffaeb3cea9 "setfiles.8.man", process_local=<optimized
out>, recurse=<optimized out>, x=<optimized out>) at src/copy.c:835
#6  0x000000000040893b in copy_reg (src_sb=0x7fffaeb3acb0,
new_dst=<synthetic pointer>, omitted_permissions=36,
dst_mode=<optimized out>, x=0x7fffaeb3b0d0,
    dst_name=0x7fffaeb3cea9 "setfiles.8.man", src_name=0x7fffaeb3ce9e
"setfiles.8") at src/copy.c:952
#7  copy_internal (src_name=src_name@entry=0x7fffaeb3ce9e
"setfiles.8", dst_name=dst_name@entry=0x7fffaeb3cea9 "setfiles.8.man",
new_dst=<optimized out>, new_dst@entry=false,
    device=device@entry=0, ancestors=ancestors@entry=0x0,
x=x@entry=0x7fffaeb3b0d0,
command_line_arg=command_line_arg@entry=true,
    first_dir_created_per_command_line_arg=first_dir_created_per_command_line_arg@entry=0x7fffaeb3af6f,
copy_into_self=copy_into_self@entry=0x7fffaeb3afb8,
    rename_succeeded=rename_succeeded@entry=0x0) at src/copy.c:2503
#8  0x00000000004094bc in copy (src_name=src_name@entry=0x7fffaeb3ce9e
"setfiles.8", dst_name=dst_name@entry=0x7fffaeb3cea9 "setfiles.8.man",
nonexistent_dst=nonexistent_dst@entry=false,
    options=options@entry=0x7fffaeb3b0d0,
copy_into_self=copy_into_self@entry=0x7fffaeb3afb8,
rename_succeeded=rename_succeeded@entry=0x0) at src/copy.c:2809
#9  0x0000000000404fb0 in do_copy (n_files=<optimized out>,
file=0x7fffaeb3b2d8, target_directory=<optimized out>,
target_directory@entry=0x0,
no_target_directory=no_target_directory@entry=false,
    x=x@entry=0x7fffaeb3b0d0) at src/cp.c:765
#10 0x0000000000403ba9 in main (argc=4, argv=0x7fffaeb3b2c8) at src/cp.c:1212
(gdb) f 3
#3  0x0000000000409a55 in restorecon_private (path=0x7fffaeb3cea9
"setfiles.8.man", local=local@entry=true) at src/selinux.c:195
195      rc = lsetfilecon (path, tcon);
(gdb) info locals
rc = -1
sb = {st_dev = 139851618037504, st_ino = 139851632465104, st_nlink =
0, st_mode = 2931011792, st_uid = 32767, st_gid = 2931019422, __pad0 =
32767, st_rdev = 140736124407465,
  st_size = 140736124399408, st_blksize = 139851630542055, st_blocks =
140733193388033, st_atim = {tv_sec = 0, tv_nsec = 140736124407465},
st_mtim = {tv_sec = 139851618056848, tv_nsec = 420},
  st_ctim = {tv_sec = 6434904, tv_nsec = 0}, __unused =
{140736124399824, 140736124407454, 140736124407465}}
scon = 0x0
tcon = 0x0
scontext = 0x0
tcontext = 0x0
contype = <optimized out>
constr = <optimized out>
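
The missing NULL check discussed in this message, as an added example (not code from coreutils or libselinux). stub_getfscreatecon and stub_lsetfilecon are hypothetical stand-ins so it runs without SELinux, the context string is constructed, and returning -1 with ENODATA when no context is set is an assumption about what a caller could do.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed test knob: the fscreate context the stub reports (NULL = none set). */
static const char *stub_fscreate = NULL;

/* Stand-in for getfscreatecon(): returns 0 even when it leaves *con NULL. */
static int stub_getfscreatecon(char **con)
{
    *con = NULL;
    if (stub_fscreate != NULL) {
        size_t n = strlen(stub_fscreate) + 1;
        if ((*con = malloc(n)) == NULL)
            return -1;
        memcpy(*con, stub_fscreate, n);
    }
    return 0;
}

/* Stand-in for a library-side check: fail with EINVAL instead of strlen(NULL). */
static int stub_lsetfilecon(const char *path, const char *con)
{
    if (path == NULL || con == NULL) {
        errno = EINVAL;
        return -1;
    }
    return strlen(con) > 0 ? 0 : -1;  /* the real call would set the xattr here */
}

/* Caller-side guard: "success with no context" means there is nothing to apply. */
static int restore_guarded(const char *path, int *called_setfilecon)
{
    char *tcon = NULL;
    *called_setfilecon = 0;
    if (stub_getfscreatecon(&tcon) < 0)
        return -1;
    if (tcon == NULL) {               /* assumption: report as an error */
        errno = ENODATA;
        return -1;
    }
    *called_setfilecon = 1;
    int rc = stub_lsetfilecon(path, tcon);
    free(tcon);
    return rc;
}

int main(void)
{
    int called;
    int rc = restore_guarded("setfiles.8.man", &called);
    printf("rc=%d called=%d\n", rc, called);
    return 0;
}
```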
