111752 – assertion failure

Bug 111752 - assertion failure

Summary: assertion failure

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Raw Hide
Classification:	Retired
Component:	prelink
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jakub Jelinek
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-12-09 17:34 UTC by Tim Waugh
Modified:	2007-04-18 17:00 UTC (History)
CC List:	2 users (show)
Fixed In Version:	0.3.0-17
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2003-12-27 15:55:19 UTC
Embargoed:

Attachments	(Terms of Use)
typescript of gdb session (28.57 KB, text/plain) 2003-12-09 17:35 UTC, Tim Waugh	no flags	Details
/var/log/prelink.log after a prelink-0.3.0-15 run (42.38 KB, text/plain) 2003-12-09 18:10 UTC, Tim Waugh	no flags	Details
/var/log/prelink.log after a prelink-0.3.0-15 run (335.39 KB, text/plain) 2003-12-09 18:11 UTC, Tim Waugh	no flags	Details
Show Obsolete (1) View All

Description Tim Waugh 2003-12-09 17:34:51 UTC

Description of problem:
[...]
Prelinking /usr/lib/libgnomesupport.so.0.0.0
/usr/sbin/prelink: cannot get security context for
/usr/lib/libgnomesupport.so.0.0.0 : No data available
prelink: dso.c:1624: close_dso: Assertion `dso->temp_filename !=
((void *)0)' failed.

Version-Release number of selected component (if applicable):
prelink-0.3.0-16.sel

How reproducible:
100%

Steps to Reproduce:
1. Run prelink, or wait until it runs from cron.
2. See /var/log/prelink.log.
  
See attached gdb run.

Comment 1 Tim Waugh 2003-12-09 17:35:34 UTC

Created attachment 96429 [details]
typescript of gdb session

Comment 2 Tim Waugh 2003-12-09 17:35:55 UTC

This is on kernel 2.6.0-0.test11.1.9.

Comment 3 Tim Waugh 2003-12-09 18:06:39 UTC

0.3.0-15 does not give an assertion failure (but it also fails to
prelink anything due to lack of security contexts).

Comment 4 Tim Waugh 2003-12-09 18:10:28 UTC

Created attachment 96430 [details]
/var/log/prelink.log after a prelink-0.3.0-15 run

Comment 5 Tim Waugh 2003-12-09 18:11:48 UTC

Created attachment 96431 [details]
/var/log/prelink.log after a prelink-0.3.0-15 run

(oops, wrong file last time)

Comment 6 Jakub Jelinek 2003-12-09 18:22:29 UTC

Dan, your patch is certainly buggy in the error path handling
(it can do double free etc.).
Please look at prelink-0.3.0-15 in dist-fc2 where is some
selinux stuff already incorporated.
The main thing is that neither of these is right.
What prelink should do is around creating of the temporary files
use some very minimal setfscreatecon which will allow it only to
write the file into the system directories, but they even shouldn't
be executable at all, etc.
Then, after the file is actually written fully, right before rename,
it should be given the desired security context copied from the origin

I haven't implemented this because I have no idea how to create such
context.

Comment 7 Daniel Walsh 2003-12-09 20:17:47 UTC

I have redone the patch in prelink-0.3.0-16.sel on Nov 19th.

Could you check out this patch.

Dan

Comment 8 Jakub Jelinek 2003-12-09 20:22:20 UTC

That's the patch I was talking about.
The abort Tim got was from 16.sel.
Now, when Tim has SELinux capable kernel, what are the reasons why
could getfilecon fail (with ENODATA)? Shoudl that be always considered
as fatal thing?
If you tell me how the very little priviledged context can be created,
I'll update prelink.

Comment 9 Jakub Jelinek 2003-12-10 08:32:36 UTC

Please try prelink-0.3.0-17 in dist-fc2-scratch.

Comment 10 Tim Waugh 2003-12-10 10:09:52 UTC

0.3.0-17 works fine.

Note You need to log in before you can comment on or make changes to this bug.