| Summary: | pam-0.78-r5 has bug in pam-0.78-selinux.patch | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Dan A. Dickey <dan.dickey> |
| Component: | New packages | Assignee: | SE Linux Bugs <selinux> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | 2007.0 | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
this version of pam is no longer in the tree |
From inspection, the file pam-0.78-selinux.patch has a bug in it at line 584. The relevant lines of the patch read: + status=setexeccon(prev_user_context); + freecon(prev_user_context); + if (status) { + syslog(LOG_ERR, _("Error! Unable to set executable context %s."), + prev_user_context); + return PAM_AUTH_ERR; + } So, the call to setexeccon is made - followed by the freecon() call. If status was set, the call to syslog() uses prev_user_context - which was just freed! I'm not sure if this actually causes a problem or not, but got involved with this while trying to track down a problem with sshd and selinux.