Bug 122523 - restarts ssh but with incorrect security context
Summary: restarts ssh but with incorrect security context
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-05-05 14:13 UTC by Tim Waugh
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2004-09-30 18:20:41 UTC


Attachments (Terms of Use)

Description Tim Waugh 2004-05-05 14:13:25 UTC
Description of problem:
Upgrading glibc on an enforcing-mode SELinux machine renders it
incapable of accepting remote ssh logins until ssh is restarted by hand.

Version-Release number of selected component (if applicable):
openssh-3.6.1p2-34
glibc-2.3.3-24
policy-1.11.2-21

How reproducible:
100%

Steps to Reproduce:
1. Run SELinux enforcing mode.
2. Log in via ssh -- it works
3. Upgrade glibc (ssh is restarted in %post)
4. Try to log in via ssh - the log in is refused

This is because sshd is running in rpm_t context, due to being
restarted in an rpm scriptlet.

Comment 1 Ulrich Drepper 2004-09-30 11:11:33 UTC
I thing I updated my system today without explicitly restarting ssh
(i.e., the glibc spec file did).  Login still works.  Can somebody
confirm this is still a problem?  If yes, will we need to use the new
su-replacement?

Comment 2 Tim Waugh 2004-09-30 11:12:40 UTC
Not sure; I'm not using SELinux at the moment I'm afraid.

Comment 3 Daniel Walsh 2004-09-30 13:45:44 UTC
This should not be a problem.  The 'su' replacement (Which it is not)
is only used for init startup scripts and cron jobs.  Basically any
place where you don't need the suid and pam stuff.

Dan

Comment 5 Ulrich Drepper 2004-09-30 16:35:09 UTC
So you're saying the whole bug should not be an issue and can be
closed?  Was there something back in May which could have caused problems?


And: What is the reason for posting the URL?

Comment 6 Daniel Walsh 2004-09-30 18:20:41 UTC
Yes rpm updates were doing a service restart which caused ssh to come
up in the wrong state.  

Oops, I pasted the html in the wrong page.  Got to stop reading two
bugzillas at once.


Note You need to log in before you can comment on or make changes to this bug.