42298 – selinux default policy does not allow run_init_t tty_device_t ioctl to hide password

Bug 42298 - selinux default policy does not allow run_init_t tty_device_t ioctl to hide password

Summary: selinux default policy does not allow run_init_t tty_device_t ioctl to hide p...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Unspecified (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	SE Linux Bugs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-02-20 13:41 UTC by Michael Ihde
Modified:	2004-02-26 09:59 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Ihde 2004-02-20 13:41:54 UTC

While trying to get sshd to accept connections (which still isn't working, even after relabeling and restarting using run_init) I found that if I was _enforcing_ the policy when I ran run_init the password was displayed as I typed it.  This is because run_init_t doesn't have permission to ioctl the tty.  

Maybe this isn't a problem.  I'm fairly new to selinux.  I simply added

allow { run_init_t } tty_device_t:chr_file { read write ioctl getattr };

to my local.te becuase I don't know where the best place to put it was.

Reproducible: Always
Steps to Reproduce:
1. Turn on selinux enforcing
2. run_init /etc/init.d/sshd restart
3. Type in password

Actual Results:  
Password was displayed while I was typing it

Expected Results:  
Password should have been hiden

Comment 1 Michael Ihde 2004-02-26 09:59:25 UTC

It seems that this must have been a problem with the labeling of the filesystem.  After I relabeled it the password remains hidden.