Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 91921 - setfiles segfaults (problem in libselinux?)
Summary: setfiles segfaults (problem in libselinux?)
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-05-08 10:35 UTC by Daniel Thaler
Modified: 2005-05-08 17:15 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
My setfiles.c with patch + printf (setfiles-patched.c,13.61 KB, text/plain)
2005-05-08 10:37 UTC, Daniel Thaler
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Thaler 2005-05-08 10:35:29 UTC
I'm building a system with the /usr/portage/profiles/selinux/2005.1/x86/hardened profile.
'emerge system' installs policycoreutils-1.22; every emerge after that fails because setfiles segfaults during the qmerge phase.

After some googling i manually compiled setfiles with the patch at http://marc.theaimsgroup.com/?l=selinux&m=111292011814641&w=2, but it did not fix the problem.

After adding some printf statements, I determined that setfiles crashes in the call to matchpathcon_filespec_destroy(), which is located in libselinux.

(BTW: I was unable to use gdb, becaue I could not set breakpoints. Is there a trick to it that I don't know about, or should I file a bugreport for that too?)
Comment 1 Daniel Thaler 2005-05-08 10:37:06 UTC
Created attachment 58369 [details]
My setfiles.c with patch + printf
Comment 2 Chris PeBenito (RETIRED) gentoo-dev 2005-05-08 16:04:13 UTC
Please try libselinux-1.22-r1, I believe it has the fix for your problem.  As for debugging, you need to enable the gdb debugging in CFLAGS, and have portage not strip your binaries and librares.
Comment 3 Daniel Thaler 2005-05-08 17:05:12 UTC
It works now. Thank you!

As for debugging, I compiled the program manually with CFLAGS="-g". When setting breakpoints I got this type of error:

Warning:
Cannot insert breakpoint 1.
Error accessing memory address 0x702: Input/output error.

Anyway, I was wondering wether this is some weird side-effect of selinux/hardened or a genuine bug.
Comment 4 solar (RETIRED) gentoo-dev 2005-05-08 17:15:59 UTC
Re comment #3

To properly debug something with USE=hardened enabled try the following
# CFLAGS='-g3 -ggdb -fno-stack-protector -nopie' FEATURES='nostrip' emerge buggy
$ paxctl -permsx `which buggy` ; (you may need to force selinux to this step?)
$ gdb `which buggy` 

gdb> run
gdb> backtrace full
gdb> info regs
etc.. good luck.