Bug 227345 - pam_namespace should convert the context names before it uses them as filenames
pam_namespace should convert the context names before it uses them as filenames
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Depends On:
Blocks: RHEL5LSPPCertTracker
  Show dependency treegraph
Reported: 2007-02-05 10:06 EST by Tomas Mraz
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHSA-2007-0555
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-07 10:40:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch by Ted X Toth (1.55 KB, patch)
2007-02-05 10:06 EST, Tomas Mraz
no flags Details | Diff
test script to create directories (2.01 KB, application/x-shellscript)
2007-05-05 12:34 EDT, Ted X Toth
no flags Details

  None (edit)
Description Tomas Mraz 2007-02-05 10:06:17 EST
From Ted X Toth (txtoth at gmail com):
The CAPCO security labeling standard allows for characters that are both illegal
(for instance '/') and unsightly in filenames. This patch processes the
context to generate a more viable filename. It does so by replacing
unwanted characters with '_'. I put together a list of character to be
replaced but feel free to alter it. I created the patch against
Rawhide but hopefully it will work its way into RHEL5.
Comment 1 Tomas Mraz 2007-02-05 10:06:17 EST
Created attachment 147358 [details]
Proposed patch by Ted X Toth
Comment 2 Daniel Walsh 2007-02-14 16:28:13 EST
I don't think this would be unigues.  The file context on disk should be stored
in untranslated form, which will always be a valid directory name.
Comment 3 Tomas Mraz 2007-02-26 19:30:53 EST
Fixed in pam- in dist-5E-lspp - we use raw contexts for dir names.
Comment 8 Ted X Toth 2007-05-05 12:34:23 EDT
Created attachment 154209 [details]
test script to create directories

We've got 1024 possible categories and a 256 character limitation on file name
length so it would not be unreasonable to create an invalid file name with this
Comment 12 errata-xmlrpc 2007-11-07 10:40:12 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.