This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 189330 - setfiles segfaults in case of e.g. *.cgi is specified in context file
setfiles segfaults in case of e.g. *.cgi is specified in context file
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: policycoreutils (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-19 04:08 EDT by Peter Bieringer
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version: RHBA-2007-0227
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-01 18:46:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Bieringer 2006-04-19 04:08:32 EDT
Description of problem:
setfiles segfaults, if e.g. *.cgi is specified in
/etc/selinux/targeted/contexts/files/file_context.local

Version-Release number of selected component (if applicable):
policycoreutils-1.18.1-4.9

How reproducible:
Everytime

Steps to Reproduce:
1. Apply entry like
# echo "*.cgi   system_u:object_r:httpd_sys_script_exec_t"
>>/etc/selinux/targeted/contexts/files/file_context.local
2. Execute setfiles
# setfiles /etc/selinux/targeted/contexts/files/file_context.local /root
setfiles:  read 1 specifications
setfiles:  labeling files under /root
Segmentation fault
 
Actual results:
segfault


Expected results:
no segfault


Additional info:

# gdb `which setfiles` core.5849
GNU gdb Red Hat Linux (6.3.0.0-1.96rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `setfiles
/etc/selinux/targeted/contexts/files/file_context.local /root'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libselinux.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libsepol.so.1
Reading symbols from /lib/tls/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2

#0  0x0041122b in regexec@@GLIBC_2.3.4 () from /lib/tls/libc.so.6
(gdb) bt
#0  0x0041122b in regexec@@GLIBC_2.3.4 () from /lib/tls/libc.so.6
#1  0x080491e3 in ?? ()
#2  0x0a0b23a4 in ?? ()
#3  0x0a0b33a0 in ?? ()
#4  0x00000000 in ?? ()




BTW: at least option "-F" is not specified in man page:
 setfiles [-d] [-l] [-n] [-e directory ] [-o filename ] [-q] [-s] [-v] [-vv]
[-W] [ spec_file pathname...
Comment 1 Daniel Walsh 2006-04-19 11:21:54 EDT
Does 

echo "/.*\.cgi   system_u:object_r:httpd_sys_script_exec_t" >>
/etc/selinux/targeted/contexts/files/file_context.local

setfiles /etc/selinux/targeted/contexts/files/file_context /root

work?
Comment 2 Peter Bieringer 2006-04-19 11:26:46 EDT
Yes, also working:

.*\.cgi   system_u:object_r:httpd_sys_script_exec_t
.*.cgi   system_u:object_r:httpd_sys_script_exec_t

Looks like a leading "*" will cause the segfault because it is a formal invalid
regexp, but can happen by user...

Comment 3 Josh Bressers 2006-09-21 15:03:36 EDT
I'm removing the Security keyword from this bug.  The issue described is not a
security vulnerability, it is a bug.
Comment 4 Daniel Walsh 2007-01-30 16:00:23 EST
Fixed in libselinux-1.19.1-7.3
Comment 7 Daniel Walsh 2007-03-20 17:18:04 EDT
Turns out this is also in policycoreutils since it is hard coded in setfiles in
RHEL4.
Comment 12 Red Hat Bugzilla 2007-05-01 18:46:42 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0227.html

Note You need to log in before you can comment on or make changes to this bug.