Bug 216860 - LTC29343-LSPP : netlabelctl tool should print error when used incorrectly
Summary: LTC29343-LSPP : netlabelctl tool should print error when used incorrectly
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: netlabel_tools   
(Show other bugs)
Version: 5.0
Hardware: All Linux
Target Milestone: ---
: ---
Assignee: James Antill
QA Contact: Tom Kincaid
Depends On:
TreeView+ depends on / blocked
Reported: 2006-11-22 12:31 UTC by Issue Tracker
Modified: 2007-11-30 22:07 UTC (History)
5 users (show)

Fixed In Version: RC
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-02-08 00:48:12 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Issue Tracker 2006-11-22 12:31:20 UTC
Escalated to Bugzilla from IssueTracker

Comment 1 Issue Tracker 2006-11-22 12:31:22 UTC
LTC Owner is: suzukikp@in.ibm.com
LTC Originator is: loulwa@us.ibm.com

---Problem Description---
netlabelctl command fails without any warning messages when the mgmt option is 
used with the wrong parameters
Linux oracer3.ltc.austin.ibm.com 2.6.18-1.2747.2.1.el5.lspp.55 #1 SMP Fri Nov 
10 12:21:43 EST 2006 x86_64 x86_64 x86_64 GNU/Linux
Machine Type = x86_64
---Steps to Reproduce---
Try the netlablectl command with the mgmt option as follows
#netlabelctl cipsov4 add pass doi:1 tags:1
#netlabelctl mgmt del default
#netlabelctl mgmt add default protocol:cipsov4,1

The last two commands should print some sort of error message since they 
really don't accept these parameters according to the man page.

As per Klaus, security relevant tools should at least print some error message 
when used incorrectly
---Base System Tools Component Data---
Userspace tool common name: netlabel_tools

The userspace tool has the following bit modes: both

Userspace rpm: netlabel_tools-0.17-5.fc6
*Additional Instructions for loulwa / loulwa@us.ibm.com:
netlabelctl failing silently gave the impression that the command was working 
when it really was not and no cipso labeling was added to the packets.

LSPP bug, please also cc iboverma@redhat.com and sgrubb@redhat.com
This event sent from IssueTracker by sfernand  [Support Engineering Group]
 issue 107064

Comment 2 Irina Boverman 2006-11-22 15:45:24 UTC
IBM, can we make this bug public?

Comment 3 Issue Tracker 2006-11-22 20:31:24 UTC
Update to issue 107064 by bugzilla
>Action: These changes made by iboverma@redhat.com.
>Bugzilla comment added:
> IBM, can we make this bug public?

>Flag(s) 'rhel-5.0.0?, blocker?, pm_ack+, devel_ack?' added


We have no problem with you making this public.  Stephanie Glass Red Hat 
Project Manager. 

This event sent from IssueTracker by Glen Johnson 
 issue 107064

Comment 4 Irina Boverman 2006-11-22 20:44:02 UTC
making it public.

Comment 5 Ronald Pacheco 2006-11-24 13:58:03 UTC
From Paul Moore:

I am still unable to edit the BZ, please add the following response to the BZ entry.

This should be fixed in revision 29 of the netlabel_tools SVN repository.  I'm
not allowed to add attachments to this entry, so I am including the patch below:

--- CHANGELOG   (revision 28)
+++ CHANGELOG   (revision 29)
@@ -5,6 +5,8 @@
 o Fixed some problems when printing CIPSOv4 and map information when not using
   the '-p' flag
+o Always display an error message if an error occurred, based on patch from
+  Klaus Weidner <klaus@atsec.com>

 * Release Release 0.17 (September 28, 2006)
Index: netlabelctl/main.c
--- netlabelctl/main.c  (revision 28)
+++ netlabelctl/main.c  (revision 29)
@@ -253,8 +253,7 @@
   ret_val = module_main(argc - optind - 1, argv + optind + 1);
   if (ret_val < 0) {
-    if (opt_pretty)
-      fprintf(stderr, MSG_ERR("%s\n"), nlctl_strerror(-ret_val));
+    fprintf(stderr, MSG_ERR("%s\n"), nlctl_strerror(-ret_val));
     ret_val = RET_ERR;
   } else
     ret_val = RET_OK;

-- paul moore linux security @ hp 

Comment 7 James Antill 2006-11-29 21:01:50 UTC
 Fixed for RHEL-5 in netlabel_tools-0.17-9.el5.i386

Comment 8 Jay Turner 2006-12-14 13:13:46 UTC
QE ack for RHEL5.

Comment 10 RHEL Product and Program Management 2007-02-08 00:48:12 UTC
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.

Note You need to log in before you can comment on or make changes to this bug.