Bug 189330

Summary: setfiles segfaults in case of e.g. *.cgi is specified in context file
Product: Red Hat Enterprise Linux 4
Component: policycoreutils
Version: 4.0
Hardware: All
OS: Linux
Reporter: Peter Bieringer <pb>
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Fixed In Version: RHBA-2007-0227
Doc Type: Bug Fix
Last Closed: 2007-05-01 22:46:41 UTC

Description Peter Bieringer 2006-04-19 08:08:32 UTC
Description of problem:
setfiles segfaults, if e.g. *.cgi is specified in
/etc/selinux/targeted/contexts/files/file_context.local

Version-Release number of selected component (if applicable):
policycoreutils-1.18.1-4.9

How reproducible:
Every time

Steps to Reproduce:
1. Apply entry like
# echo "*.cgi   system_u:object_r:httpd_sys_script_exec_t" >>/etc/selinux/targeted/contexts/files/file_context.local
2. Execute setfiles
# setfiles /etc/selinux/targeted/contexts/files/file_context.local /root
setfiles:  read 1 specifications
setfiles:  labeling files under /root
Segmentation fault
 
Actual results:
segfault


Expected results:
no segfault


Additional info:

# gdb `which setfiles` core.5849
GNU gdb Red Hat Linux (6.3.0.0-1.96rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `setfiles
/etc/selinux/targeted/contexts/files/file_context.local /root'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libselinux.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libsepol.so.1
Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2

#0  0x0041122b in regexec@@GLIBC_2.3.4 () from /lib/tls/libc.so.6
(gdb) bt
#0  0x0041122b in regexec@@GLIBC_2.3.4 () from /lib/tls/libc.so.6
#1  0x080491e3 in ?? ()
#2  0x0a0b23a4 in ?? ()
#3  0x0a0b33a0 in ?? ()
#4  0x00000000 in ?? ()




BTW: at least option "-F" is not specified in man page:
 setfiles [-d] [-l] [-n] [-e directory ] [-o filename ] [-q] [-s] [-v] [-vv]
[-W] [ spec_file pathname...

Comment 1 Daniel Walsh 2006-04-19 15:21:54 UTC
Does 

echo "/.*\.cgi   system_u:object_r:httpd_sys_script_exec_t" >> /etc/selinux/targeted/contexts/files/file_context.local

setfiles /etc/selinux/targeted/contexts/files/file_context /root

work?


Comment 2 Peter Bieringer 2006-04-19 15:26:46 UTC
Yes, also working:

.*\.cgi   system_u:object_r:httpd_sys_script_exec_t
.*.cgi   system_u:object_r:httpd_sys_script_exec_t

Looks like a leading "*" will cause the segfault because it is a formally invalid
regexp, but can happen by user...
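
One way to guard the call that crashed in the backtrace, as an added example that is not part of the bug report or the setfiles source: it assumes the fault came from regexec() running on a pattern that regcomp() had not compiled, as comment 2 suggests. POSIX leaves a leading `*` in an extended regular expression undefined, so the code checks regcomp()'s return value rather than assuming how the C library treats it; `match_spec` and the `SPEC_*` codes are hypothetical names.

```c
#include <regex.h>
#include <stdio.h>

/* Result codes (names are illustrative, not from setfiles). */
enum { SPEC_INVALID = -1, SPEC_NOMATCH = 0, SPEC_MATCH = 1 };

/* Anchor a file-context pattern as ^pattern$, compile it, and test one path.
 * regexec() is only reached when regcomp() returned 0; on failure the
 * regerror() text is left in err and the spec is rejected. */
int match_spec(const char *pattern, const char *path, char *err, size_t errlen)
{
    char anchored[512];
    regex_t re;
    int n, rc;

    err[0] = '\0';
    n = snprintf(anchored, sizeof anchored, "^%s$", pattern);
    if (n < 0 || (size_t)n >= sizeof anchored) {
        snprintf(err, errlen, "pattern too long");
        return SPEC_INVALID;
    }
    rc = regcomp(&re, anchored, REG_EXTENDED | REG_NOSUB);
    if (rc != 0) {
        regerror(rc, &re, err, errlen);   /* human-readable reason */
        return SPEC_INVALID;              /* never use re after a failed compile */
    }
    rc = regexec(&re, path, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? SPEC_MATCH : SPEC_NOMATCH;
}

int main(void)
{
    /* Constructed sample patterns: the one from the report, the form
     * suggested in comment 1, and an unterminated bracket expression. */
    const char *specs[] = { "*.cgi", "/.*\\.cgi", "/root/[abc" };
    char err[128];
    size_t i;

    for (i = 0; i < sizeof specs / sizeof specs[0]; i++) {
        int r = match_spec(specs[i], "/root/test.cgi", err, sizeof err);
        if (r == SPEC_INVALID)
            printf("%-12s rejected: %s\n", specs[i], err);
        else
            printf("%-12s %s\n", specs[i], r == SPEC_MATCH ? "match" : "no match");
    }
    return 0;
}
```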



Comment 3 Josh Bressers 2006-09-21 19:03:36 UTC
I'm removing the Security keyword from this bug.  The issue described is not a
security vulnerability, it is a bug.

Comment 4 Daniel Walsh 2007-01-30 21:00:23 UTC
Fixed in libselinux-1.19.1-7.3

Comment 7 Daniel Walsh 2007-03-20 21:18:04 UTC
Turns out this is also in policycoreutils since it is hard coded in setfiles in
RHEL4.

Comment 12 Red Hat Bugzilla 2007-05-01 22:46:42 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0227.html