Bug 117374 - rpm --recontext -q rpm segfaults as user_r:user_t
Summary: rpm --recontext -q rpm segfaults as user_r:user_t
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact: Mike McLean
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FC2Blocker
TreeView+ depends on / blocked
 
Reported: 2004-03-03 12:53 UTC by Paul Nasrat
Modified: 2007-11-30 22:10 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2004-04-07 23:23:23 UTC


Attachments (Terms of Use)
Brief analysis of core (4.63 KB, text/plain)
2004-03-03 13:00 UTC, Paul Nasrat
no flags Details

Description Paul Nasrat 2004-03-03 12:53:48 UTC
Description of problem:

rpm --recontext -q rpm causes segmentation fault whilst running in
enforcing mode

Version-Release number of selected component (if applicable):
rpm-4.3-0.16

How reproducible:

always

Steps to Reproduce:
1. setenforce 1
2. login as a user who is user_r:user_t
3.  rpm --recontext -q rpm
  
Actual results:

D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0

D: locked   db index       /var/lib/rpm/Packages

D: opening  db index       /var/lib/rpm/Name rdonly mode=0x0

D:  read h#    1842 Header SHA1 digest: OK
(df106e1c2f4cc29765024189d784dbe69bd6f670)

/etc/security/selinux/src/policy/file_contexts/file_contexts:
Permission denied

Segmentation fault

Expected results:

No segmentation fault.

Additional info:

Drops core - back trace to be attached.

avc error:

avc: denied { search } for pid 2655 exe=/usr/lib/rpm/rpmq name=selinux
dev=hda5 ino=1493914 scontext=victim:user_r:user_t
tcontext=system_u:object_r:policy_config_t tclass=dir

inode corresponds to /etc/security/selinux

Comment 1 Paul Nasrat 2004-03-03 13:00:08 UTC
Created attachment 98235 [details]
Brief analysis of core

If you need any more analysis yell

Comment 2 Jeff Johnson 2004-04-07 23:23:23 UTC
Fixed in rpm-4.3.1-0.2 when built.


Note You need to log in before you can comment on or make changes to this bug.