227345 – pam_namespace should convert the context names before it uses them as filenames

Bug 227345 - pam_namespace should convert the context names before it uses them as filenames

Summary: pam_namespace should convert the context names before it uses them as filenames

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	pam
Sub Component:
Version:	5.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Tomas Mraz
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	RHEL5LSPPCertTracker
TreeView+	depends on / blocked

Reported:	2007-02-05 15:06 UTC by Tomas Mraz
Modified:	2007-11-30 22:07 UTC (History)
CC List:	2 users (show)
Fixed In Version:	RHSA-2007-0555
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-11-07 15:40:12 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Proposed patch by Ted X Toth (1.55 KB, patch) 2007-02-05 15:06 UTC, Tomas Mraz	no flags	Details \| Diff
test script to create directories (2.01 KB, application/x-shellscript) 2007-05-05 16:34 UTC, Ted X Toth	no flags	Details
Show Obsolete (1) View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0555	0	normal	SHIPPED_LIVE	Moderate: pam security, bug fix, and enhancement update	2007-11-07 16:22:23 UTC

Description Tomas Mraz 2007-02-05 15:06:17 UTC

From Ted X Toth (txtoth at gmail com):
The CAPCO security labeling standard allows for characters that are both illegal
(for instance '/') and unsightly in filenames. This patch processes the
context to generate a more viable filename. It does so by replacing
unwanted characters with '_'. I put together a list of character to be
replaced but feel free to alter it. I created the patch against
Rawhide but hopefully it will work its way into RHEL5.

Comment 1 Tomas Mraz 2007-02-05 15:06:17 UTC

Created attachment 147358 [details]
Proposed patch by Ted X Toth

Comment 2 Daniel Walsh 2007-02-14 21:28:13 UTC

I don't think this would be unigues.  The file context on disk should be stored
in untranslated form, which will always be a valid directory name.

Comment 3 Tomas Mraz 2007-02-27 00:30:53 UTC

Fixed in pam-0.99.6.2-17.el5 in dist-5E-lspp - we use raw contexts for dir names.

Comment 8 Ted X Toth 2007-05-05 16:34:23 UTC

Created attachment 154209 [details]
test script to create directories

We've got 1024 possible categories and a 256 character limitation on file name
length so it would not be unreasonable to create an invalid file name with this
scheme.

Comment 12 errata-xmlrpc 2007-11-07 15:40:12 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0555.html

Note You need to log in before you can comment on or make changes to this bug.