Summary: | sshd segfaults in glibc when operating in kernel_t SELinux context | |
---|---|---|---
Product: | Gentoo Linux | Reporter: | Richard <shiningarcanine>
Component: | [OLD] Unspecified | Assignee: | Sven Vermeulen (RETIRED) <swift>
Status: | VERIFIED FIXED | |
Severity: | normal | CC: | selinux
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
See Also: | https://bugzilla.mindrot.org/show_bug.cgi?id=1960 | |
Whiteboard: | | |
Package list: | | Runtime testing required: | ---
Attachments: | sshd backtrace that Flameeyes saw | |
Description
Richard
2011-07-31 19:59:13 UTC
@selinux If it is not your bug, feel free to assign.

@base-s It's "our" bug alright... something with the selinux-specific code where the error handling isn't done correctly (in this case, SSHd runs in an incorrect security context where it wants to do a transition for the user, which fails but isn't handled properly). I consider this to be a lower priority though (ping me if you disagree), but one that needs to be fixed anyway...

Well, I can't immediately reproduce (sometimes it's hard to fubar a system when you have to ;-) but I *believe* the following occurred...

In ssh_selinux_getctxbyname(), the (local) variable sc is not updated with a correct context (by get_default_context()) since the call fails. Later, the value of sc is returned, but does not contain a proper security_context_t. The later call to freecon() (in ssh_selinux_setup_exec_context) probably tries to interpret this as a valid security_context_t but fails.

Since get_default_context() can return -1 both when the context is not touched or when it is (but NULL), I *think* this can be fixed in OpenSSH's port-linux.c by having

```
 99         if (r != -1)
100                 return (sc);
101         else
102                 return NULL;
103 }
```

instead of

```
 99
100         return (sc);
101 }
```

Since sc is a local variable (which isn't touched, or set to NULL) it does not need to be freed. Unless r != -1, in which case it is adjusted - but then that's the regular modus operandi.

Bug opened upstream (openssh), let's see if they agree with it.

Patch accepted upstream, will be part of v6.0 release.

openssh-6.0_p1 is now in main tree (~arch'ed).

OpenSSH 6.0+ is stable now.