Red Hat Bugzilla – Bug 153687
seuser command segfaults
Last modified: 2007-11-30 17:07:17 EST
Description of problem:
When seuser command is run with various switches command segfaults
Version-Release number of selected component (if applicable):
[ i386 (clean install, no packages changed from default) ]
[ i386 (patched up2date) ]
[ x86_64 (patched up2date) ]
With and without X running.
As a root and non-root user.
Steps to Reproduce:
[root@server1 ~]# seuser version
[root@server1 ~]# seuser -h
The same occurs with non-sense input after the command name for example
[root@netserver-new setools]# seuser 1234567890
[root@netserver-new setools]# seuser foobarfoobar
Command displays help / version string / exits normally etc
I freely admit I know little about SElinux sub-system or its operation but this
seems too fundamental to overlook and worth reporting.
I note that the setools-1.5.1-5 SRPM does include the patch from Bugzilla Bug
138297 which on initial inspection seemed similar.
seuser is not intended to be used in targeted policy, only strict. But I have
prepared a fix on
This should go into U2 since U1 is already frozen.
Please try it out.
I can confirm that seuser from the (-5.1 release rpm you provided) now exits
cleanly on RHEL4-U0 (i386 and x86_86) with valid and invalid command line
switches passed to it.
Thanks for the note regarding its intended usage on strict policy systems which
I was unaware of.
The main use of seuser is to manipulate the user database, similarly to useradd,
It's main difference is that it will also manipulate the roles database of
SELinux. roles are not really used in targeted policy. We also intend to move
the ability to manipulate roles into useradd and friends in the future. This
mechanism will be different then seuser since it will not require that policy
sources be installed.