Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 227345

Summary: pam_namespace should convert the context names before it uses them as filenames
Product: Red Hat Enterprise Linux 5 Reporter: Tomas Mraz <tmraz>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: dwalsh, txtoth
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHSA-2007-0555 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-07 15:40:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 224041    
Attachments:
Description Flags
Proposed patch by Ted X Toth
none
test script to create directories none

Description Tomas Mraz 2007-02-05 15:06:17 UTC 
From Ted X Toth (txtoth at gmail com):
The CAPCO security labeling standard allows for characters that are both illegal
(for instance '/') and unsightly in filenames. This patch processes the
context to generate a more viable filename. It does so by replacing
unwanted characters with '_'. I put together a list of character to be
replaced but feel free to alter it. I created the patch against
Rawhide but hopefully it will work its way into RHEL5.
Comment 1 Tomas Mraz 2007-02-05 15:06:17 UTC 
Created attachment 147358 [details]
Proposed patch by Ted X Toth
Comment 2 Daniel Walsh 2007-02-14 21:28:13 UTC 
I don't think this would be unigues.  The file context on disk should be stored
in untranslated form, which will always be a valid directory name.
Comment 3 Tomas Mraz 2007-02-27 00:30:53 UTC 
Fixed in pam-0.99.6.2-17.el5 in dist-5E-lspp - we use raw contexts for dir names.
Comment 8 Ted X Toth 2007-05-05 16:34:23 UTC 
Created attachment 154209 [details]
test script to create directories

We've got 1024 possible categories and a 256 character limitation on file name
length so it would not be unreasonable to create an invalid file name with this
scheme.
Comment 12 errata-xmlrpc 2007-11-07 15:40:12 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0555.html