Bug 163883 - segfaults when changing context
Summary: segfaults when changing context
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: vixie-cron
Version: 4.0
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Marcela Mašláňová
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On: 151145
Blocks:
Reported: 2005-07-21 19:31 UTC by Jason Vas Dias
Modified: 2007-11-30 22:07 UTC (History)

Fixed In Version: vixie-cron-36_EL4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-08-28 11:00:15 UTC
Target Upstream Version:
Embargoed:



Description Jason Vas Dias 2005-07-21 19:31:05 UTC
+++ This bug was initially created as a clone of Bug #151145 +++

Description of problem:

crond dies when executing jobs:

| Program received signal SIGSEGV, Segmentation fault.
| 0x97fddfba in *setexeccon_internal (context=0x11d3cc <Address 0x11d3cc out of bounds>)
|     at setexeccon.c:15
| 15                      ret = write(fd, context, strlen(context)+1);
| (gdb) bt
| #0  0x97fddfba in *setexeccon_internal (context=0x11d3cc <Address 0x11d3cc out of bounds>)
|     at setexeccon.c:15
| #1  0x6aab1988 in do_command (e=0x6aab86f0, u=0x6aab8698) at do_command.c:334
| #2  0x6aab11fc in job_runqueue () at job.c:66
| #3  0x6aaaed3e in main (argc=1, argv=0x4236e629) at cron.c:256


Previous breakpoints were

| Breakpoint 2, do_command (e=0x6aab86f0, u=0x6aab8698) at do_command.c:71
| 71              Debug(DPROC, ("[%ld] do_command(%s, (%s,%ld,%ld))\n",
| (gdb) p u
| $1 = (user *) 0x6aab8698
| (gdb) p *u
| $2 = {next = 0x0, prev = 0x6aab8190, name = 0x6aab81c0 "*system*", mtime = 1109646298,
|   crontab = 0x6aab9700, scontext = 0x11d3cc <Address 0x11d3cc out of bounds>}
| (gdb) c
| Continuing.
| Attaching after fork to child process 28298.
| Attaching after fork to child process 28299.
| [Switching to process 28299]
| 
| Breakpoint 1, 0x97fddf7e in *setexeccon_internal (context=0x11d3cc <Address 0x11d3cc out of bounds>)
|     at setexeccon.c:7
| 7       {
| (gdb) c


As you see, 'u->scontext' is uninitialized which is caused in
get_security_context() (user.c) by

|       if (get_default_context(name, NULL, &scontext)) {
|               if (security_getenforce() > 0) {
|                       log_it(name, getpid(), "No SELinux security context",tabname);
|                       return -1;
|               } else {
|                       log_it(name, getpid(), "No security context but SELinux in permissive mode, co
|               }
|       }

On my system (a chroot environment), get_default_context() fails and
'scontext' never gets initialized.



Version-Release number of selected component (if applicable):

vixie-cron-4.1-24_FC4
libselinux-1.22-1
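
Added example, not vixie-cron's code and not the fix shipped in vixie-cron-36_EL4: one way to keep the permissive-mode failure path described above from leaving a stale pointer for the later setexeccon() call. The `stub_*` functions, the `lookup_fails`/`enforcing` knobs, the sample context string and `would_set_exec_context()` are constructed stand-ins so the code builds without libselinux.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the libselinux calls named in the report, so the
 * example builds without libselinux. lookup_fails / enforcing are test knobs. */
static int lookup_fails = 1;
static int enforcing = 0;
static const char *const SAMPLE_CTX = "constructed_u:constructed_r:constructed_t";

/* Like the failing call in the report: on error the out-parameter is untouched. */
static int stub_get_default_context(const char *user, const char **ctx) {
    (void)user;
    if (lookup_fails)
        return -1;
    *ctx = SAMPLE_CTX;
    return 0;
}

static int stub_security_getenforce(void) { return enforcing; }

/* Hardened shape of the lookup: the result is NULL on every path that does not
 * produce a context, so a later consumer can tell "no context" from garbage. */
static int get_security_context_checked(const char *name, const char **out) {
    const char *scontext = NULL;    /* never leave this indeterminate */
    *out = NULL;
    if (stub_get_default_context(name, &scontext)) {
        if (stub_security_getenforce() > 0)
            return -1;              /* enforcing: refuse to run the job */
        return 0;                   /* permissive: continue with no context */
    }
    *out = scontext;
    return 0;
}

/* Consumer side (hypothetical helper): 1 if a context would be passed on, else 0. */
static int would_set_exec_context(const char *scontext) {
    if (scontext == NULL)
        return 0;                   /* skip the call instead of running strlen() on junk */
    return strlen(scontext) > 0;    /* safe: pointer is known to be valid */
}

int main(void) {
    const char *ctx = (const char *)(uintptr_t)0x11d3cc; /* poison, as in the backtrace */
    int rc = get_security_context_checked("*system*", &ctx);
    printf("rc=%d ctx=%s set=%d\n", rc, ctx ? ctx : "(null)", would_set_exec_context(ctx));
    return 0;
}
```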

Comment 1 Jason Vas Dias 2005-08-01 13:28:10 UTC
This is fixed with vixie-cron-36_EL4, to be delivered in RHEL-4-U2.
Meanwhile, it can be obtained from:
  http://people.redhat.com/~jvdias/cron/RHEL-4 


Comment 2 Marcela Mašláňová 2006-08-28 11:00:15 UTC
It has been fixed in vixie-cron-36_EL4.

